
Savoir-faire Linux Announces at EmbeddedWorld 2025 the Open Source release of VulnScout.io

 

Empowering the Embedded Industry to Tackle the EU Cyber Resilience Act and Cyber regulations with an Innovative & Open Source Vulnerability Management Solution.

 

Nurnberg, March 11, 2025 – Savoir-faire Linux, a leading open-source software engineering and consulting firm, is proud to announce the official launch of VulnScout.io, an open source cybersecurity solution designed to help organizations track, manage, and remediate product vulnerabilities more effectively. Building on last year’s unveiling of its new cybersecurity professional services, this release underscores Savoir-faire Linux’s ongoing commitment to Open Source, reinforced by its active membership in both The Linux Foundation and The Yocto Project communities.

“Openness is in our DNA,” remarks Christophe Villemer, Executive Vice-President of Savoir-faire Linux and LF Energy governing board Member. “That’s why we’ve chosen to release VulnScout.io under an open source license. Our experience contributing to The Yocto Project and our deep involvement with Linux Foundation initiatives have paved the way for a truly community-driven, globally accessible solution. With VulnScout.io, we aim to help product makers and software teams meet the growing challenges of cybersecurity compliance—especially with the looming Cyber Resilience Act in Europe.”

An Open Source Tool Tailored for Embedded Systems

VulnScout.io offers an efficient and pragmatic toolkit for vulnerability tracking, designed to integrate seamlessly within embedded product development life cycles. First tested on The Yocto Project — a framework for designing embedded Linux systems — VulnScout.io helps ensure comprehensive detection and management of vulnerabilities affecting the embedded OS solution.

Key Capabilities

  • SBOM Vulnerability Management – Automates SBOM generation and CVE detection, offering real-time insights into threats.
  • Wide Compatibility – Supports industry-standard formats like CycloneDX and SPDX, as well as the OpenVEX framework from the Open Source Security Foundation (OpenSSF).
  • Built for Analysts and Continuous Integration – Seamlessly embeds within existing CI workflows, empowering development and security teams and making vulnerability management an integral part of everyday work.
  • Devoted to the Open Source Community – Hosted openly on GitHub, VulnScout.io benefits from collective innovation and global contributions, reflecting Savoir-faire Linux’s longstanding open source ethos.

Anticipating the Cyber Resilience Act

With the Cyber Resilience Act (CRA) on the horizon, manufacturers and integrators face new regulatory requirements for product security. By providing a transparent, automated approach to generating and managing Software Bill of Materials (SBOM) data, VulnScout.io positions organizations to proactively address vulnerabilities and confidently navigate upcoming compliance standards such as IEC62443, IEC62304, UL2900, and DO-326A.

“From complex industrial controllers to next-gen IoT devices, businesses need a robust solution that scales,” explains Jérôme Oufella, Technology Vice-President at Savoir-faire Linux. “VulnScout.io answers that need—and our hands-on experience with Yocto, combined with our background in embedded Linux and the broader open source ecosystem, ensures that it fits naturally into a variety of industry workflows.”

Live Demonstrations at Embedded World 2025

Savoir-faire Linux will unveil VulnScout.io at Embedded World 2025 in Nurnberg (March 11–13) at its booth 4-642. Attendees can explore hands-on demos of real-world SBOM vulnerability tracking that illustrate how embedded systems developers can leverage VulnScout.io for continuous improvement in product security and compliance. On the same dates, Savoir-faire Linux will also be present at Global Industrie in Lyon, exhibiting in the Captronic Village, to promote VulnScout.io and its associated services to companies developing embedded products and impacted by the CRA.
