BSidesLV 2017 has ended
Back To Schedule
Wednesday, July 26 • 10:30 - 10:40
Technical Tactics: Embedded Linux Software BOM

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Manufacturers in the medical, industrial and automotive industries can no longer just design a product and sell it, unchanged, for a decade. Keeping their products up to date on OS and library versions is crucial for maintaining safety and security. This is a herculean task for many manufacturers. Many do not even know what libraries are installed on their device. Those that do find it hard to keep up to date on known library vulnerabilities.

I will go over how to use open source tools to generate a software Bill of Materials for an embedded linux system (even one you didn't design! *wink wink*) and how to cross reference that BOM with the NIST NVD to search for known 3rd party vulnerabilities. I will then show how to integrate that process into a continuous integration system so that you can get automated updates when new CVEs are discovered.

avatar for daniel beard

daniel beard

Vp of Technology, Promenade Software
Daniel is VP of Technology at Promenade Software, a medical device software services company and Director of MedISAO, an information sharing and analysis organization specifically targeting small-to-medium medical device manufacturers. Talk to him about anything regarding medical... Read More →

Wednesday July 26, 2017 10:30 - 10:40 PDT
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169