Sources
1. http://www.mcafee.com/us/security-awareness/articles/mcafee-labs-threats-predictions-2016.aspx
2. https://www2.fireeye.com/WP-Zero-Day-Danger-LP.html
3. https://nvd.nist.gov/
4. http://www.slideshare.net/blackducksoftware/2015-future-of-open-source-survey-results
5. https://cve.mitre.org/

Learn how Wind River security monitoring can help you keep your devices protected after deployment: windriver.com/products/linux/security.

Knock-Knock: Who's There? Zero-Day Exploits Like Heartbleed, Shellshock, and OpenSSL

2015–2016 Trends
- 6,270: Common Vulnerabilities and Exposures (CVEs) per year on average over the last 5 years.
- 16.34% of vulnerabilities are critical.
- High severity CVEs doubled from 2015 to 2016.
- McAfee predicted that non-Windows systems would be highly targeted in 2016.
- 310 days: vulnerabilities discovered by cybercriminals remain unknown to the public for an average of 310 days. That gives cybercriminals ample time to steal organizations' most valuable assets.

[Chart: Vulnerabilities by severity, 2015 vs 2016. Bar chart; y-axis 0 to 7,000; categories Low, Medium, High, Critical; bar values as extracted: 594, 186, 3,497, 2,281, 1,255, 1,702, 1,213, 1,054.]

[Chart: 2016 Vulnerabilities by Severity. Pie chart; the critical share is 16.34%.]

Opportunities and Challenges with Keeping Your Code Secure

The Bad: Monitoring is not very glamorous. Current research shows that developers are always excited to work on the next emerging technology, not necessarily on updating the base platform. 67% don't monitor open source code for security vulnerabilities.

The Good: Using open source enables users to take fast action. Information about vulnerabilities surfaces quickly through legions of users and researchers.

[Chart: Increasing abundance of open source projects. y-axis 0 to 1,400,000; x-axis years 2007 to 2015.]
[Pie chart legend and slice values as extracted: Low, Medium, High, Critical; 2.88%, 35.37%, 16.34%, 41.90%.]

The Price of Protection
- Yearly cost to staff a security monitoring team: [figure missing] K
- Highly skilled engineers required to investigate and address yearly CVEs: [figure missing]
- Attack types pictured: watering hole attacks; code action (script execution); man-in-the-middle attacks.
- Wind River Linux fixed 5,157 CVEs in its Linux products in 2016.

More Connected Devices = More Data = More Risk
What's lurking in your code?

Security in the Connected Era
- 32.2 ZB more data
- 1B more users
- 8.1B more Internet-connected devices
- 95.6 EB more network traffic

Wind River Keeps You Safe
- Monitoring: monitoring specific security notifications from US Government agencies and organizations like NIST and US-CERT, and also public and private security mailing lists.
- Assessment: determining whether any supported Wind River product is actually susceptible to the vulnerability.
- Notification: notifying affected customers of the level of susceptibility.
- Remediation: creating patches for vulnerabilities even before the community publicly announces them, or in the monthly product updates.
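As an added illustration of the Monitoring and Assessment steps described above (example code written for this page, not Wind River's own tooling), the following Python script takes a constructed package inventory and a constructed batch of advisories, decides which advisories actually apply by comparing each shipped version against the advisory's affected range, and buckets the confirmed hits using the NVD CVSS v3 severity thresholds (Low 0.1–3.9, Medium 4.0–6.9, High 7.0–8.9, Critical 9.0–10.0). All CVE identifiers, package names, versions and scores are made-up placeholders, not real advisories.

```python
"""Assessment step: which advisories apply to what we actually ship?

All records below are constructed for illustration; the CVE-0000-* ids
are placeholders, not real CVE entries.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """Split '1.0.2g' into comparable tokens: numbers compare numerically,
    letter suffixes lexically, and a tagged tuple keeps int/str apart so
    tuple comparison never raises TypeError."""
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.findall(r"\d+|[A-Za-z]+", v))


def cvss_severity(score: float) -> str:
    """NVD CVSS v3 qualitative rating buckets."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


@dataclass(frozen=True)
class Advisory:
    cve_id: str            # placeholder id (constructed)
    package: str
    affected_from: str     # first affected version (inclusive)
    fixed_in: Optional[str]  # first fixed version (exclusive); None = no fix yet
    cvss: float


@dataclass(frozen=True)
class Hit:
    cve_id: str
    package: str
    version: str
    severity: str


def is_affected(version: str, adv: Advisory) -> bool:
    """True when the shipped version lies in [affected_from, fixed_in)."""
    v = parse_version(version)
    if v < parse_version(adv.affected_from):
        return False
    if adv.fixed_in is not None and v >= parse_version(adv.fixed_in):
        return False
    return True


def assess(inventory: dict, advisories: list) -> list:
    """Return one Hit per advisory that applies to a shipped package."""
    hits = []
    for adv in advisories:
        shipped = inventory.get(adv.package)
        if shipped is None:          # package not in the product: not susceptible
            continue
        if is_affected(shipped, adv):
            hits.append(Hit(adv.cve_id, adv.package, shipped, cvss_severity(adv.cvss)))
    return hits


def summarize(hits: list) -> Counter:
    """Count confirmed hits per severity, the figure a notification would carry."""
    return Counter(h.severity for h in hits)


# Constructed inventory of what one product image ships.
INVENTORY = {"openssl": "1.0.2g", "bash": "4.3", "glibc": "2.23", "busybox": "1.24.1"}

# Constructed advisory batch, as if pulled from a monitored feed.
ADVISORIES = [
    Advisory("CVE-0000-0001", "openssl", "1.0.1", "1.0.2h", 9.8),   # applies: 1.0.2g < 1.0.2h
    Advisory("CVE-0000-0002", "openssl", "1.1.0", "1.1.0a", 7.5),   # 1.1.x branch only
    Advisory("CVE-0000-0003", "bash", "1.14", "4.3", 10.0),         # already fixed in 4.3
    Advisory("CVE-0000-0004", "glibc", "2.9", None, 5.3),           # applies: no fix yet
    Advisory("CVE-0000-0005", "dropbear", "0.1", "2016.72", 7.5),   # not shipped at all
]

if __name__ == "__main__":
    for h in assess(INVENTORY, ADVISORIES):
        print(f"{h.cve_id}: {h.package} {h.version} is susceptible ({h.severity})")
    print(dict(summarize(assess(INVENTORY, ADVISORIES))))
```

The exclusive upper bound matters: an advisory whose fix landed in exactly the version you ship (the bash record above) must not be reported, otherwise customers get notified about vulnerabilities they no longer have.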