This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, July 26 • 10:30 - 10:40
Technical Tactics: Embedded Linux Software BOM

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Manufacturers in the medical, industrial and automotive industries can no longer just design a product and sell it, unchanged, for a decade. Keeping their products up to date on OS and library versions is crucial for maintaining safety and security. This is a herculean task for many manufacturers. Many do not even know what libraries are installed on their device. Those that do find it hard to keep up to date on known library vulnerabilities.

I will go over how to use open source tools to generate a software Bill of Materials for an embedded linux system (even one you didn't design! *wink wink*) and how to cross reference that BOM with the NIST NVD to search for known 3rd party vulnerabilities. I will then show how to integrate that process into a continuous integration system so that you can get automated updates when new CVEs are discovered.

avatar for daniel beard

daniel beard

Director, MedISAO
Daniel is VP of Technology at Promenade Software, a medical device software services company and Director of MedISAO, an information sharing and analysis organization specifically targeting small-to-medium medical device manufacturers. | | Talk to him about anything regardi... Read More →

Wednesday July 26, 2017 10:30 - 10:40
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169