Gareth Smith - 17 September 2019
In late July, news broke that researchers at Armis Labs had identified numerous vulnerabilities in an operating system known as VxWorks, leaving approximately 200 million devices vulnerable. Unfamiliar with VxWorks? You’re not alone—as Ben Seri, VP of research at Armis put it, “VxWorks is the most widely used operating system you may have never heard of.”
While it may fly under the radar for most people, VxWorks is an operating system designed for continuously functioning devices like medical equipment, satellite modems, industrial control products and IoT devices. In other words, it’s extremely mission critical and applying patches to address bugs is no simple task. Writing about the vulnerability in a piece for Wired, reporter Lily Hay Newman said, “[T]he nature of VxWorks devices—they typically run continuously, and often depend on customized software that requires a tailored patching process—makes it challenging to implement a fix.”
Armis’ chief marketing officer, Michael Parker, elaborated, “It’s things like firewalls or robotic arms, or think about patient monitors and medical equipment. They have to basically create a whole new operating system and get FDA approval. You can’t just shut down a product line and do these updates.”
The good news is that neither Armis or Wind River, VxWorks’ developer, found any evidence that the vulnerabilities have been exploited. But the situation illustrates just how crucial it is that companies and developers working with mission critical systems stay ahead of any software bugs—there simply is no alternative.
The only way to achieve this testing certainty is through AI-driven continuous intelligent test automation. Our Digital Automation Intelligence (DAI) Suite uses scriptless models, AI and analytics to expand automation beyond test execution to the full testing process. This ensures that companies can spot and address bugs prior to release, avoiding the lengthy, expensive and challenging process of applying patches and updates.
Of course, it’s always possible that issues could crop up after a system has gone live. That’s where Eggplant Release Insights comes in. Our technology enables companies to monitor current release status and identify any defects or issues—from quality problems like bugs through to customer journey data on how the release is impacting users.
These capabilities are essential when testing mission critical systems, as the implications of poor performing software can be catastrophic. While the VxWorks vulnerabilities were identified before they could be exploited, researchers pointed to a number of ways in which hackers could have capitalized on them for nefarious purposes, ranging from data manipulation to disrupting physical world equipment to endangering lives by compromising essential healthcare equipment.
Learn more about how Eggplant powers mission critical technology—including NASA’s latest spacecraft, Orion. And for more on our DAI Suite and how continuous intelligent testing can benefit your business, click here.