We build security systems for connected-device makers shipping to the US, the EU, and beyond — engineering services and embedded software for Linux devices. 我们为面向美国、欧盟及全球市场出货的联网设备厂商构建安全系统——提供工程服务与面向 Linux 设备的嵌入式软件。
Follow the projects that matter to you. Get development updates, early access, and opportunities to help shape what ships. 关注你感兴趣的项目,获取开发进展、早期体验机会,并参与塑造最终上线的产品。
Two ways to work with us: engineering help to meet the EU Cyber Resilience Act, and a maintained security layer built into your Linux image. 两种合作方式:帮助你满足欧盟《网络韧性法案》的工程服务,以及内建于 Linux 镜像的持续维护安全层。
The Cyber Resilience Act makes product security mandatory, dated, and expensive to ignore. We do the engineering work that gets a connected product ready — so you hit your deadline without building a security team first. 《网络韧性法案》让产品安全成为有明确期限的强制要求,忽视它的代价高昂。我们负责让联网产品达标所需的工程工作——让你不必先组建安全团队,也能按期完成。
Engineering support for connected-product makers — not legal advice or conformity assessment. 面向联网产品厂商的工程支持——不提供法律意见或合格评定。
Start a conversation开始咨询SBOM workflows — generating and maintaining a software bill of materials as part of your normal build. SBOM 流程——在常规构建流程中生成并持续维护软件物料清单。
Vulnerability handling — a working process for tracking, triaging, and patching CVEs, including 24-hour exploited-vulnerability reporting readiness. 漏洞处理——建立可运转的 CVE 跟踪、分级与修补流程,包括被利用漏洞 24 小时上报的应对准备。
Secure-by-design hardening — reviewing and hardening the image, update path, and network surface of your device. 安全设计加固——审查并加固设备镜像、升级通道与网络暴露面。
Technical-documentation evidence — the engineering artifacts your CRA technical file needs, produced as you build rather than reconstructed later. 技术文档证据——CRA 技术文件所需的工程证据,在开发过程中同步产出,而不是事后补做。
A CRA-ready security layer for connected Linux devices, delivered as a Yocto meta-layer and a supported subscription. It bakes network visibility, policy enforcement, and continuously maintained compliance evidence directly into the image you already ship. 面向联网 Linux 设备的 CRA 就绪安全层,以 Yocto meta-layer 与持续维护订阅的形式交付。它将网络可视化、策略执行与持续维护的合规证据直接内建到你现有的设备镜像中。
Built for medical, industrial/OT, energy, and access-control device makers shipping into regulated markets like the US and the EU — teams with a Linux device but no security team. 为面向美国、欧盟等受监管市场出货的医疗、工业/OT、能源与门禁安防设备厂商打造——尤其适合有 Linux 设备但没有安全团队的团队。
Roadmap: Yocto + nftables first · eBPF/XDP as the advanced tier 路线图:首期 Yocto + nftables · eBPF/XDP 为进阶版本
meta-gatelens Yocto layer — drops into your existing Yocto build and bakes the security stack into the image itself. meta-gatelens Yocto 层——直接加入你现有的 Yocto 构建,把安全栈内建进设备镜像。
Network visibility & policy enforcement — on-device firewalling with nftables, sequenced as observe → report → recommend → human-approved enforce. 网络可视化与策略执行——基于 nftables 的设备端防火墙,按"观察 → 报告 → 建议 → 人工批准后执行"的顺序推进。
Continuous SBOM + CVE monitoring — a live view of what's in your image and which vulnerabilities affect it, in CRA-ready format. 持续 SBOM 与 CVE 监控——实时掌握镜像内的组件构成及受影响漏洞,输出符合 CRA 要求的格式。
Compliance evidence pack — SBOM, vulnerability-management record, 24h-report readiness, and secure-by-design attestation, auto-generated for your CRA technical documentation. 合规证据包——自动生成 SBOM、漏洞管理记录、24 小时上报就绪与安全设计证明,直接用于 CRA 技术文档。
Maintained as a subscription — security updates, a live CVE feed, and freshly signed compliance evidence for as long as the device ships. CRA compliance is continuous, and so is the layer. 以订阅方式持续维护——在设备的整个销售生命周期内提供安全更新、实时 CVE 情报与持续签发的合规证据。CRA 合规是持续性的,这个安全层也是。
Optional on-device AI remediation — a local model for air-gapped and regulated devices, or a cloud-backed option for low-spec hardware. A feature, not the headline. 可选的设备端 AI 修复——为离线与受监管设备提供本地模型,为低配置硬件提供云端方案。它是一项功能,而非卖点噱头。
Choose the projects relevant to you. We'll share meaningful development updates, invite early feedback, and let you know when access opens. 选择与你相关的项目。我们会分享重要开发进展、邀请早期反馈,并在开放体验时通知你。
We'll keep you close to the projects you selected, with relevant updates and early feedback opportunities. 我们会发送所选项目的相关进展,并邀请你参与早期反馈。
Something went wrong. Please try again.出了点问题,请重试。
Relevant updates only. Unsubscribe at any time.只发送相关进展,随时可以退订。