Security Pattern

Security Pattern is a dynamic scale-up specialized in consultancy and security solutions for embedded systems and IoT.

We support our clients from the project's inception, assisting in defining security requirements, selecting appropriate building blocks, and developing hardware and software components. We provide the development methodologies for clients requiring a "secure by design" approach. We are the first cybersecurity company in Italy to have achieved certification under the IEC 62443-4-1:2018 standard. We offer a state-of-the-art vulnerability monitoring service, including SBOM creation, to meet the requirements of regulations such as RED and CRA, and of vertical standards for medical, industrial automation, automotive and consumer IoT.

Software Services

Services:

Consulting

Operating Systems:

Android, Embedded Linux, FreeRTOS, OpenWRT, Torizon, Yocto

SUM is an SBOM and vulnerability management platform for connected devices and systems. Built upon the principles of a strong vulnerability management process, SUM helps device manufacturers identify, triage, address and report vulnerabilities, including the widely used CVEs (Common Vulnerabilities and Exposures). The platform enables the generation, management and export of SBOMs (Software Bills of Materials).

Projects Overview

Security Pattern demonstrated the capabilities of SUM, their SBOM and vulnerability management platform, on Toradex hardware at Embedded World 2024.

  • Toradex Apalis iMX6 System on Module running on Torizon OS (kirkstone 6.1.80)
  • On top of Torizon OS, they implemented a custom application layer that consists of a Samba service and a Python server.
  • In this demo they show how a known vulnerability in a software component of the custom application layer (samba 4.1.17+dfsg-2) can be easily exploited by an attacker to compromise the functionality of the whole system.
  • They demonstrate how this kind of situation can be prevented by implementing a vulnerability management process aimed at proactively identifying, evaluating and addressing known vulnerabilities within the system before they are exploited by attackers.

Additional Services

Services:

Programming language independent solutions

We provide pre-packaged and custom cybersecurity consultancy services, such as code review, penetration testing and training.

Contact

Address
Via Torri Bianche 3, Vimercate 20871, Monza e Brianza, Italy

Region

Worldwide
