What “100% coverage” for VxWorks Means — and Why It Stops Exploits
In this RunSafe Security Minute, Shane Fry, RunSafe’s CTO, answers a critical question for embedded systems security: what does “100% coverage” for VxWorks actually mean, and why should teams care?
Historically, defenses focused on user-space code and application DKMs (downloadable kernel modules), but for many VxWorks systems the majority of the exploitable attack surface lives in the kernel. RunSafe pushed its protections earlier in the boot process and extended randomization so that it covers both kernel and application code. The result: RunSafe’s protections eliminate essentially all usable ROP (return-oriented programming) gadgets an attacker would rely on.
Even if an attacker can write over memory or drop code on the stack, they can’t predict where code lives, so memory-corruption techniques fail. This approach makes VxWorks systems far more resilient to real-world exploitation with minimal developer disruption.