Sign up to save your podcasts
Or
Share 515: Script Boomers
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
515: Script Boomers
Nick Kartsioukas joined us to talk about security in embedded systems.
Common Vulnerabilities and Exposures (CVE) is the primary database to check your software libraries, tools, and OSs: cve.org.
Open Worldwide Application Security Project (OWASP, owasp.org) has information on how to improve security in all kinds of applications, including embedded application security. There are also cheatsheets, Nick particularly recommends Software Supply Chain Security - OWASP Cheat Sheet.
Wait, what is supply chain security? Nick suggested a nice article on github.com: it is about your code and tools including firmware update, a common weak point in embedded device security.
Want to try out some security work? There are capture the flag (CTF) challenges including the Microcorruption CTF (microcorruption.com) which is embedded security related. We also talked about the SANS Holiday Hack Challenge (also see Prior SANS Holiday Hack Challenges).
This episode is brought to you by RunSafe Security.
Working with C or C++ in your embedded projects? RunSafe Security helps you build safer, more resilient devices with build-time SBOM generation, vulnerability identification, and patented code hardening. Their Load-time Function Randomization stops the exploit of memory-based attacks, something we all know is much needed. Learn more at RunSafeSecurity.com/embeddedfm.
Some other sites that have good information embedded security:
-
This World Of Ours by James Mickens is an easy read about threat modelling
-
Cybersecurity and Infrastructure Security Agency (CISA) is at cisa.gov and, among other things, they describe SBOMs in great detail
-
National Institute of Standards and Technology (NIST) also provides guidance:
-
Internet of Things (IoT) | NIST
-
NIST Cybersecurity for IoT Program
-
NIST SP800-213 IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements
-
There is a group of universities and organizations doing research into embedded security: National Science Foundation Center for Hardware and Embedded Systems Security and Trust (CHEST). Descriptive overview and the site is nsfchest.org
-
European Telecommunications Standards Institute (ETSI) - Consumer IoT Security
-
Camera Ubiquiti configuration issue (what not to do)
Finally, Nick mentioned Stop The Bleed which provides training on how you can control bleeding, a leading cause of death. They even have a podcast (and we know you like those). Elecia followed up with Community Emergency Response Teams (CERT). Call your local fire department and ask about training near you! Transcript
View all episodes
By Logical Elegance
4.8
188188 ratings
Nick Kartsioukas joined us to talk about security in embedded systems.
Common Vulnerabilities and Exposures (CVE) is the primary database to check your software libraries, tools, and OSs: cve.org.
Open Worldwide Application Security Project (OWASP, owasp.org) has information on how to improve security in all kinds of applications, including embedded application security. There are also cheatsheets, Nick particularly recommends Software Supply Chain Security - OWASP Cheat Sheet.
Wait, what is supply chain security? Nick suggested a nice article on github.com: it is about your code and tools including firmware update, a common weak point in embedded device security.
Want to try out some security work? There are capture the flag (CTF) challenges including the Microcorruption CTF (microcorruption.com) which is embedded security related. We also talked about the SANS Holiday Hack Challenge (also see Prior SANS Holiday Hack Challenges).
This episode is brought to you by RunSafe Security.
Working with C or C++ in your embedded projects? RunSafe Security helps you build safer, more resilient devices with build-time SBOM generation, vulnerability identification, and patented code hardening. Their Load-time Function Randomization stops the exploit of memory-based attacks, something we all know is much needed. Learn more at RunSafeSecurity.com/embeddedfm.
Some other sites that have good information embedded security:
-
This World Of Ours by James Mickens is an easy read about threat modelling
-
Cybersecurity and Infrastructure Security Agency (CISA) is at cisa.gov and, among other things, they describe SBOMs in great detail
-
National Institute of Standards and Technology (NIST) also provides guidance:
-
Internet of Things (IoT) | NIST
-
NIST Cybersecurity for IoT Program
-
NIST SP800-213 IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements
-
There is a group of universities and organizations doing research into embedded security: National Science Foundation Center for Hardware and Embedded Systems Security and Trust (CHEST). Descriptive overview and the site is nsfchest.org
-
European Telecommunications Standards Institute (ETSI) - Consumer IoT Security
-
Camera Ubiquiti configuration issue (what not to do)
Finally, Nick mentioned Stop The Bleed which provides training on how you can control bleeding, a leading cause of death. They even have a podcast (and we know you like those). Elecia followed up with Community Emergency Response Teams (CERT). Call your local fire department and ask about training near you! Transcript
More shows like Embedded
View all
Software Engineering Radio
271 Listeners
Hanselminutes with Scott Hanselman
384 Listeners
The Changelog: Software Development, Open Source
288 Listeners
Software Engineering Daily
624 Listeners
LINUX Unplugged
267 Listeners
Talk Python To Me
584 Listeners
The Amp Hour Electronics Podcast
233 Listeners
Home Assistant Podcast
70 Listeners
Syntax - Tasty Web Development Treats
986 Listeners
Unnamed Reverse Engineering Podcast
40 Listeners
Darknet Diaries
8,044 Listeners
CoRecursive: Coding Stories
190 Listeners
The Stack Overflow Podcast
63 Listeners
The Real Python Podcast
143 Listeners
Oxide and Friends
63 Listeners