What does 100% coverage for VxWorks mean, and why is it important for embedded systems security?

In this RunSafe Security Minute, CTO Shane Fry explains  how achieving 100% coverage for VxWorks removes the attacker’s ability to use ROP gadgets and prevents memory-corruption exploits in embedded systems.

What does 100% coverage for VxWorks mean, and why is it important for embedded systems security?

What “100% coverage” for VxWorks Means — and Why It Stops Exploits

In this RunSafe Security Minute, Shane Fry, RunSafe’s CTO, answers a critical question for embedded systems security: what does “100% coverage” for VxWorks actually mean, and why should teams care? 

Historically, defenses focused on user-space code and application DKMs, but for many VxWorks systems the majority of the exploitable attack surface lives in the kernel. RunSafe pushed protections earlier in the boot and extended randomization so it covers both kernel and application code. The result: RunSafe’s protections eliminate essentially all usable ROP (return-oriented programming) gadgets an attacker would rely on. 

Even if an attacker can write over memory or drop code on the stack, they can’t predict where code lives, so memory-corruption techniques fail. This approach makes VxWorks systems far more resilient to real-world exploitation with minimal developer disruption.