Location: Kortrijk, BE

Date: Nov 18, 2020
Job ID: 462

Internship: Vulnerability management of embedded systems

Barco designs technology that makes everyday life a little better. Seeing beyond the image, we develop sight, sound, and sharing solutions to help you work together, share insights, and wow audiences. Our focus is on three core markets: Enterprise (from meeting and control rooms to corporate spaces), Healthcare (from the radiology department to the operating room), and Entertainment (from movie theaters to live events and attractions). With a team of over 3,600 employees, located all around the globe, we realized sales of 1,082.6 million euro in 2019. 


Function

Barco is a market leader in digital projection and imaging technology in several niche markets. Barco's solutions include on-prem devices, which often run embedded firmware. This firmware is designed in-house to minimize footprint and optimize performance, with a focus on security and privacy from the early stages.

In addition, many open source components are integrated in the embedded firmware images. Integrating open source components has the advantage of bringing in mature functionality that is continuously maintained and improved by the community, but it also introduces risks related to license compliance and security.

Every open source component is released with a license, which is a legal and binding contract between the author and the user of a software component. It specifies how the software component can be used and what the implications are for other software components it interacts with. Integrating an open source component in the wrong way could introduce risks such as the obligation to disclose your own source code, which is often not the desired scenario.

Besides the license risk, integrating open source components also introduces a security risk. Vulnerabilities are regularly disclosed in popular open source components, and these could lead to a compromise of a solution that integrates the vulnerable component.

It is therefore extremely important to monitor the open source components in use for both license and security risks throughout the lifetime of a solution.


Key responsibilities

For this internship we are looking for a student who can develop a service that, based on a provided list of open source components with metadata (version, license, applied patches, …), verifies which vulnerabilities are present in a specific firmware image and indicates which version to upgrade to in order to mitigate them. A backend service should check daily against the National Vulnerability Database whether the open source components in use are vulnerable. A frontend UI should offer an authenticated user a dashboard displaying the security status of all open source components in a specific firmware version.

The first focus is on covering the security risks. A nice add-on would be to also display license risks, based on a pre-defined internal policy (what is allowed and what is not allowed).


Qualifications

  • You are familiar with the following languages, tools and platforms:
    • C/C++
    • Python, bash shell
    • Node.js, React
    • Docker
    • Git
  • You are a team player and open to discussions with R&D teams
  • You are pragmatic and solution-oriented