Use your purchasing power to help firmware security: LVFS (fwupd) and the UK GCHQ (UK version of NSA)

If you’re following https://firmwaresecurity.com and you have any interest in Linux, you should also follow the LVFS (fwupd) blog by Richard Hughes:

https://blogs.gnome.org/hughsie/2018/10/30/1734/

The National Cyber Security Centre (part of GCHQ, the UK version of the NSA) wrote a nice article on using the LVFS to influence procurement decisions. It’s probably also worth noting that the two biggest OEMs making consumer hardware also require all their ODMs to also support firmware updates on the LVFS. More and more mega-corporations also have “supports the LVFS” as a requirement for procurement.

The linked article: https://www.ncsc.gov.uk/blog-post/firmware-updates-linux-and-using-data-influence-procurement-decisions

We believe data such as this can help determine the firmware support lifetimes for a device or whether a device is still receiving regular firmware updates. It can also be used to aid in predicting typical support lifetimes for future devices. These may be important factors when considering whether your device should still be considered ‘in support’.

I assert that proactively purchasing devices that are well supported under LVFS (fwupd) today is a good move. It says a lot about your vendor as noted above. Even if you have no Linux at all in your infrastructure.. that could all change well within the lifespan of your hardware.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s