WIND RIVER STUDIO: DEPLOY

Security

Wind River Studio ensures the confidentiality and integrity of the deployment workflows to maintain and strengthen the security posture of fielded embedded devices.

Ensure that edge devices are secure from cyberattacks.

On the intelligent edge, security threats are constantly evolving. Wind River® provides advanced security features to help you build secure devices, protected from the latest threats. Stay up to date with the latest security patches with our searchable database linked to MITRE’s list of Common Vulnerabilities and Exposures (CVEs).

Detailed Inventory and Verification of Deployed Assets

Full inventory and verification of device components, including hardware and firmware, geolocation, and software bill of materials (SBOM).

Ongoing Security Vulnerability Monitoring

Continuous vulnerability and defect monitoring of deployed software from Wind River with timely notifications identifying high-risk threats that could impact Wind River software versions and detailed plans for resolution.

Multiple Security Checkpoints

Multiple integrity checkpoints throughout the deployment cycle to ensure software provenance from origin to the endpoint.

Build and Deploy Secure Communications

Encrypted and mutually authenticated communication between the development and deployment workflows.

Edge Device Platform Security

Configure edge device platform software for optimal security with capabilities such as secure boot, encrypted communications, and digitally signed software images.

Mitigation for Common Vulnerabilities and Exposures (CVEs)

Wind River is committed to active threat monitoring, rapid assessment and prioritization, proactive customer notification, and timely fixes. Get detailed information to help protect your fielded edge devices from the latest common security vulnerabilities, along with Wind River responses and remediation information on these potential cybersecurity threats. To learn more, access the Wind River searchable database of CVEs.

The latest VxWorks security enhancements

Security is always in the DNA of VxWorks®. Some of the latest security features of VxWorks include: Arm® TrustZone OP-TEE secure hardware isolation for Trusted Execution Environments, GE Digital Achilles Level 2 Certification for IEC 62443-4-2, secure boot/secure loader options, kernel page-table isolation (KPTI) support, an OpenSSL FIPS 140-2 module, and updates to address the latest CVEs.

Security risks for Linux devices

Linux devices are susceptible to more security vulnerabilities every day, and the open source community only addresses these vulnerabilities in the latest versions of Linux. If you have devices in the field, Wind River can help by providing security fixes for the older versions of Linux that may be running on your devices, along with tools to help you push those updates to your devices.

Have You Protected Yourself from Cyberthreats?

Interested in a laser-focused security analysis? Walk through a brief set of questions and see how you fare.

Take a Security Assessment »

Wind River Studio Security for Deployment FAQs

Containers are built securely in Studio and include a digital signature applied as an integrity seal. The container is then transferred to Wind River Studio Conductor over a mutually authenticated and encrypted channel. The integrity of the container is verified prior to deploying the update to the end point. All steps, from receiving the container to deploying the container, are logged, and the inventory of the updated end points is kept current.

NIST defines security posture as the security status of an enterprise’s networks, information, and systems based on information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. The capabilities include the security audit messages logged by each component within the network, secured communications, and access controls.

The checkpoints include an integrity seal applied at the development stage and confirmed at the deployment stage and at the final end point, confirmation of pushing the update to the endpoint, and measurement of the end component’s security posture prior to pushing the update.

Artifacts include security audit logs, deployment blueprints, and a detailed and current inventory of all components under the deployment’s jurisdictions.

Because of the large number of end devices to update, the available update time window of each device, and the number of allowed retry attempts, automation is mandatory to minimize the risk to the overall update process.