Embedded Insiders Podcast

Let's Settle This. What's More Secure, Proprietary or Open Source?

June 26, 2020 Brandon Lewis and Richard Nass of Embedded Computing Design, Featuring Special Guest Kate Stewart, Senior Director of Strategic Programs at the Linux Foundation Season 3 Episode 7
Embedded Insiders Podcast
Let's Settle This. What's More Secure, Proprietary or Open Source?
Chapters
1:00
Let's Settle This. What's More Secure? Proprietary or Open Source?
7:53
Security, Safety & Open Source with Kate Stewart, Senior Director of Strategic Programs, Linux Foundation
Embedded Insiders Podcast
Let's Settle This. What's More Secure, Proprietary or Open Source?
Jun 26, 2020 Season 3 Episode 7
Brandon Lewis and Richard Nass of Embedded Computing Design, Featuring Special Guest Kate Stewart, Senior Director of Strategic Programs at the Linux Foundation

This week on the Embedded Insiders, Brandon and Rich discuss an age-old controversy: What’s more secure? Proprietary or open-source software?

That discussion leads into an interview with Kate Stewart, Senior Director of Strategic Programs at the Linux Foundation, who joins the program to explain how the Zephyr Project responded to 25 vulnerabilities recently uncovered in its open-source code base by the NCC Group, an independent security analysis firm. 

After reassuring the Insiders by detailing the steps taken to remedy those bugs and explaining the security practices in place at the Zephyr Project, Stewart continues to introduce the Embedded Linux in Safety Applications, or ELISA, project, which seeks to better align Linux software and tools with the requirements of safety-critical industries. Where does ELISA fit in with other projects like RTLinux, and how can the software test community help accelerate the expansion of Linux into platforms ranging from road vehicles to rockets?

For more information on the Zephyr vulnerabilities, read “Another IoT Security "Uh-Oh": 26 Flaws in Open-Source Zephyr and MCUboot Stacks” on www.embedded-computing.com.

To learn more about the ELISA Project and updates to the Zephyr Project, attend one of Kate Stewarts presentations during the Linux Foundation’s Open Source Summit North America, a virtual event taking place from June 29th to July 2nd. For more information or to register, visit https://ossna2020.sched.com/event/c3ZE.

Show Notes Chapter Markers

This week on the Embedded Insiders, Brandon and Rich discuss an age-old controversy: What’s more secure? Proprietary or open-source software?

That discussion leads into an interview with Kate Stewart, Senior Director of Strategic Programs at the Linux Foundation, who joins the program to explain how the Zephyr Project responded to 25 vulnerabilities recently uncovered in its open-source code base by the NCC Group, an independent security analysis firm. 

After reassuring the Insiders by detailing the steps taken to remedy those bugs and explaining the security practices in place at the Zephyr Project, Stewart continues to introduce the Embedded Linux in Safety Applications, or ELISA, project, which seeks to better align Linux software and tools with the requirements of safety-critical industries. Where does ELISA fit in with other projects like RTLinux, and how can the software test community help accelerate the expansion of Linux into platforms ranging from road vehicles to rockets?

For more information on the Zephyr vulnerabilities, read “Another IoT Security "Uh-Oh": 26 Flaws in Open-Source Zephyr and MCUboot Stacks” on www.embedded-computing.com.

To learn more about the ELISA Project and updates to the Zephyr Project, attend one of Kate Stewarts presentations during the Linux Foundation’s Open Source Summit North America, a virtual event taking place from June 29th to July 2nd. For more information or to register, visit https://ossna2020.sched.com/event/c3ZE.

Let's Settle This. What's More Secure? Proprietary or Open Source?
Security, Safety & Open Source with Kate Stewart, Senior Director of Strategic Programs, Linux Foundation