Periodic Reporting for period 2 - MENDER (Securing the worlds connected devices through open source and ease of use) Reporting period: 2019-09-01 to 2020-08-31 Summary of the context and overall objectives of the project "The objective of Mender.io project is to secure the world’s connected devices, which is growing at a rapid pace. Mender.io specifically enables an easy-to-deploy software update mechanism for connected devices.The problem being addressed is that IoT devices deployed in the field will inevitably have software bugs and/or security vulnerabilities that will allow bad actors to leverage them in major cybersecurity attacks. This is a major ongoing issue, with the ""October 2016 Dyn Cyberattack"" as a clear example of the consequences of vulnerable IoT devices: the cyber attack was executed through a botnet enslaving insecure IoT devices which brought down large swaths of the Internet that day through a DDOS attack. Most major sites were down, including Amazon.com GitHub, Comcast, The Wall Street Journal, and Netflix: https://en.wikipedia.org/wiki/2016_Dyn_cyberattackMaintaining the security and privacy of businesses and consumers alike is one of the biggest challenges of the rapid digital transformation the world is undergoing. It also ensures that bad actors cannot leverage insecure IoT devices to attack any entity at-will.Our overall objective is to ensure the security of the world’s connected devices and allow creators of smart IoT products to have a reliable, secure, and robust mechanism to update and patch their IoT devices.By the end of this project, we have successfully been able to develop and commercially launch Mender with tiered business offerings. Our commercial offerings already include planned features and we are proactively working on learning from the market and customers’ usage to optimize our existing infrastructure and introduce additional features as part of our product’s continuous maturation plan.In addition to our successful commercial launch, we have successfully signed 19 partnership agreements with companies around the globe. Our partner portfolio also includes few of the industry leaders such as Google, Microsoft, NXP etc. and this number is expected to grow in coming years." Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far During the 2nd (final) year of the Mender project, we have successfully been able to develop and commercially launch Mender with tiered business offerings. Our commercial offerings already include planned features and we are proactively working on learning from the market and customers’ usage to optimize our existing infrastructure and introduce additional features as part of our product’s continuous maturation plan.By the end of project timeline, we have successfully signed 19 partnership agreements with companies around the globe. Our partner portfolio also includes few of the industry leaders such as Google, Microsoft, NXP etc. and this number is expected to grow in coming years.We have established a thorough legal-framework concerning our overall business practices, product and/or service agreements, relevant industry compliances including GDPR etc.We made additional changes to our business model in pursuit of simplifying our product offerings.With the help of engineering team, our marketing team has made extensive efforts towards the expansion and market outreach of Mender. This includes articulation of marketing material, attending relevant conferences, providing talks in relevant conferences/meetups, organizing joint- webinars with our partners/customers, targeted social media marketing etc. Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far) With the advent of IoT and the proliferation of connected embedded devices across a variety of industry verticals, one of the biggest challenges in developing competitive products is the ability to efficiently deliver remote software updates at scale, while using industry best practices in security and robustness.Building a homegrown solution seems easy at first glance, but many custom solutions are built without security in mind. They also lack a robust update process where the devices are at risk of bricking if power failure or poor network connectivity occurs during an update. Many malicious attackers specifically scan for recently published security vulnerabilities with the intent of seeking outdated and vulnerable systems. Malware - such as Mirai, Hajime, BrickerBot, and Reaper - have successfully targeted insecure embedded systems. The number of compromised devices is in the millions and growing. Research shows the probability of a vulnerability being exploited reaches over 90%. If the vulnerability is remediated within 5-10 days after discovery, that number drops to under 10%. This can have considerable impact on how OEMs deliver product features and bug fixes at cost effective measures.Mender is on a mission to deliver the most widely adopted OTA update manager with security and robustness as its prime directive!