No Need to Bleed for Security!
By Andreea Volosincu
Who doesn’t love a great nickname? Earlier this month, security experts discovered a very serious bug in OpenSSL. And by “discovered” I mean “noticed.” Apparently the bug had been in OpenSSL for 2+ years but was only publicly announced now. Following this discovery, two things happened: 1) security gurus were abuzz with worry, and 2) the public immediately gave this bug a name… the Heartbleed bug. What did Wind River do? We activated a security process that brought about a fix in practically just a heartbeat.
The Heartbleed bug is a vulnerability in the cryptographic library that is used to secure a very large percentage of the Internet’s traffic. To assess the magnitude of this bug, and how it can affect users, just know that a good chunk of the Internet’s websites are powered by the Apache web server, and this in turn uses OpenSSL. If you are reading this, you’re likely using the web, so there’s a good chance OpenSSL is part of your life in one way or another.
Security researchers concluded that this bug could affect every Linux distribution released in 2011 and later, including Debian, Ubuntu, Red Hat, CentOS, and Fedora. Given that, our Linux and Customer Support organizations put their noses to the grindstone and came up with a security add-on for our Wind River Linux distributions. This happened in a mere 24 hours, and the patch for the susceptible iterations of Wind River Linux is now available as a hot fix, scheduled to be released as a patch on April 30.
As a matter of fact, our team has considerable experience tackling security fires. The embedded market has grown massively in the last few years with a heavy focus on security capabilities, especially as the number of vulnerabilities and bugs has risen within the industry. As a result of this trend, our team has been releasing 9 times as many security updates as 4 years ago. In fact, with the growing security need in mind, we’ve developed a brand new Security Profile for Wind River Linux. We’ve also boosted our Carrier Grade Profile with some enhanced security features.
Beyond hot fixes and a smooth out-of-box experience, here are 5 more reasons to get excited about the new Security Profile for Wind River Linux and updated Carrier Grade Profile:
- Greater security and high availability for traditional and virtualized networks by enabling virtual routing and forwarding (VRF) with containers to seamlessly provide carrier grade functionality in a virtualized environment
- Addition of General Purpose Operating System Protection Profile (GPOS) and secure boot support
- Addition of new grsecurity enhancements and SELinux management
- Fight security breaches by providing Evaluation Assurance Level 4 (EAL4) certification evidence, a certification that is increasingly becoming a requirement across industries like A&D, IoT, medical, and networking
- User identification and authentication, access control, and management compliant with the OS and GPOS Protection Profiles
Additionally, our customers will continue to leverage our long-term security monitoring services, and hot fixes, all for the latest 3.10 LTSI kernel with Yocto Project compatibility. So, at Wind River, when we think of OpenSSL’s “heartbeat” feature, we unequivocally say – no more heartbleedings!