From the outset, security needs to be a key ingredient in tooling embedded Linux systems—not an afterthought.
Software security is a complex challenge as software has many of its own security features, such as authentication methods, encryption, intrusion prevention and detection, and backup. At the same time, it can also contain errors (both deliberate and accidental) that can affect the system’s security, including design flaws, programming errors, and backdoors.
Embedded solution developers need to ask pointed questions about the critical nature and manageability of security prior to selecting an operating system:
- How will the maintenance of security and patches be managed?
- What resources are available to maintain and monitor available security patches?
- Are enough resources available to maintain security updates/patches changes to the operating system?
- How frequently will patches and updates be issued?
- How many resources/personnel are needed to execute any security changes/updates?
- Who needs access to what resources or data?
- What is the required functionality for the solution?
Based on the answers to these questions, embedded system developers can often determine how well security is integrated into the operating system, and how it is managed.
If using a custom operating system, or unsupported Linux distribution, development teams will be required to include these security updates themselves. The financial commitment and number of man hours associated with developing and maintaining a custom Linux distribution or proprietary operating system can be prohibitive.
AuthO recently found that 85 percent of developers admitted that they had rushed applications to market despite having security concerns about the device. Embedded solution developers that use a commercial Linux operating system can be confident that security patches and updates are easily managed prior to launch, and over the course of a product lifecycle.
SUSE Embedded solutions provide embedded system developers with confidence that security is never an afterthought.
What other critical security questions are you asking before selecting an operating system for embedded development?