Does Toradex continuously monitor for CVEs?

Dear Sirs,

Does Toradex employ cyber security scanning tools like e.g. OpenVAS, Metasploit or their commercial versions to continuously monitor their distro for possible vulnerabilities?

Could the results of such scans be made available to customers of Toradex SoM?

Cheers
Norbert Valder
SysTec

Hi @nvTux

Welcome to the Toradex Community!

Could you provide the version of the hardware and software of your module?
What is your use-case? What possible vulnerabilities are you referring to?

Best regards
Jaski

Hi Jaski,

We use the Colibri Board, Hardware-Version V1.1A, and the image V2.7.
(Kernel : toradex_4.1-2.0.x-imx, U-Boot 2016.11-toradex)

We are about to launch a new product generation. It will be in production for 5 to 10 years and customers expect another approx. 10 years of maintenance support. Hence we look for ways to maintain the product firmware over a period of 15-20 years.

“Maintain” means from some point onwards to patch for cyber security issues, aka CVEs.
We have to decide whether we stick with the Toradex distro or rather move to Mainline.

Please advise on Toradex's long-term software support strategy for the a.m. Colibri board.

Cheers nvTux

jaski.tx

Our support strategy is published here. So far we do not separately monitor for CVEs but periodically update all external Angstrom Distribution/OpenEmbedded/Yocto Project layers for stable fixes/updates.