MontaVista Announces Built-in Readiness for Enterprise Linux to Address Supply Chain Security


MontaVista incorporates Zero Trust and Secure-by-Design features for MVShield and MVSecure to secure the entire Software Supply Chain.


San Jose, CA, 06 Feb 2024 –– MontaVista® Software, LLC, a leader in commercial Embedded Linux® products and services announces availability of Zero Trust and Secure-by-Design features for the MVShield and MVSecure line of products by incorporating development features to secure the entire Software Supply Chain. This provides a one-stop solution to create a secure and validated software supply chain for use-cases in the Enterprise Linux/MVShield target markets, like the radio and core networking, the Intelligent Edge, network- and application-level security appliances and generic enterprise applications. This follows up MontaVista’s strategic announcement late last year to start rapid evolution in the platform security area based on growing demand and recent regulatory guidelines. 

MVShield and MVSecure are the first products in MontaVista’s portfolio to be enhanced for security following this strategy. The plan is also to introduce similar enhancements shortly to MontaVista’s leading embedded product, CGX. The main areas addressed are:

  1. In the immediate term, MVShield will support securing the Software Supply Chain, by adding functionality and tooling for Software Bill Of Materials (SBOM) generation and validation and Common Vulnerabilities and Exposures (CVE) reporting and scanning. This will include supporting CVE management descriptions to support scanners such as Tenable Nessus, CIS-CAT and OpenSCAP.
  3. These enhancements will make it effortless for MVShield customers to support the reporting and compliance requirements for many market-specific certifications and regulatory requirements, such as those of the FDA and CISA.
  5. A core value of these enhancements is enabling compliance with overarching cybersecurity focus and legislation like the EU Cyber Resilience Act and the US Executive Order on Cybersecurity, as well as benchmarks like the CISA Cyber Trust Mark. 
  7. Further, MVShield and MVSecure are aiming to reduce the possibility of injection of Zero-Day Vulnerabilities and malicious updates by integrating an open-source scorecard methodology for all content. Having the content automatically reviewed by MontaVista’s tools, as well as via manual inspection by MontaVista’s domain experts, will greatly increase visibility into the reliability of software used in end customers’ platforms.

MVShield is MontaVista’s Enterprise Linux distribution derived from CentOS Linux and Rocky Linux, retaining much of the source and binary compatibility of this proven Enterprise Linux ecosystem. Already deployed for several years at Tier1 customers across the telecom, networking, and security markets, MVShield has provided customers strict mission-critical SLA support and long-term maintenance on their chosen baseline of content, while amending the base distribution content. MVShield is an enterprise-level Linux with enhancements from the embedded world - allowing customers to take advantage of MontaVista’s decades of deep technical expertise, long-term support experience and open avenues unlike other embedded distributions like utilizing MontaVista for specific enhancements like customized support for AI via GPU/TPU driver customization or support for totally custom hardware platforms.

MVSecure is MontaVista’s complementary services offering that provides all the necessary services to enhance the platform security of the customers’ Linux baseline. MVSecure provides a one-stop shop for enhancements for making any Linux comply with the EU Cyber Resilience Act, the US Cybersecurity laws, FDA regulations, or security-specific certifications like Common Criteria. 

MVSecure can also help in more targeted projects, such as helping customers incorporate security facilities like secure boot, SELinux and Linux integrity management.


Supporting Quotes: 

“Building in security via Supply Chain and vulnerability management is key for many of our customers”, said Iisko Lappalainen, Director of Product Management at MontaVista Software, “We’re excited to bring a full set of features for compliance across our products, starting with MVShield. MontaVista can provide a full end-to-end platform solution for customers to address the upcoming regulations in US and EU, making the compliance process seamless and painless, while helping our customers focus on their value-add.”

MontaVista is encouraging customers and partners to contact your local representative, or MontaVista at and/or visit for more information and discussions.