Another Azure Sphere release has occurred and to accommodate the release I am presenting another security blog post. We are committed to keep our system secure against evolving security threats which takes both internal and external effort, the most recent external effort being the Azure Sphere Security Research Challenge that has wrapped up. Let's get to the list of changes and fixes done on the system without wasting any further time.
Our list of security enhancements and fixes:
We are always striving in our work to improve our security promises and to enhance the platform. It is known that we have been doing fuzzing for awhile, however all of our fuzzing has been pieces of the system. We have been working hard and have now advanced our ability to allow full end to end fuzzing of the system, expanding our testing abilities and giving us one more tool to use to help identify coding flaws. Coding flaws are only part of the issue though, tools looking for a crash will never catch information leakage nor catch bugs that allow for privilege escalation due to improper validations which opens up whole new arenas of validations that need to be reviewed.
As I've heard a lot recently "onwards and upwards".
Jewell Seay
Azure Sphere OSP Security Lead
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.