Uncover Software Vulnerabilities Across Your Complex Supply Chain
Understanding the software composition and vulnerability exposure of embedded systems can be challenging. This is particularly true in industries like automotive, aerospace and defense, and medical equipment where the challenges of managing material from complex supply chains are compounded by stringent regulatory requirements.
BlackBerry® Jarvis™, our software composition analysis solution, was designed to analyze binaries within complex embedded systems. It lets you scan a complete software product for security vulnerabilities and software craftsmanship without the need for source code. It’s a unique solution that not only enables you to identify potential issues but also recommends strategies for you to remediate them.
“As a result of this coverage and superior test performance, BlackBerry Jarvis appears to be the ideal single-tool solution for embedded platforms.”
- Brandon Bailey, Cybersecurity Senior Project Leader, The Aerospace Corporation
Discover What’s Hidden in Your Binaries
Do you know what software is running on your shipped embedded systems? A software bill of materials (SBOM) can help you identify critical information about software components. Just as a savvy shopper scrutinizes the nutrition label on a food package, an experienced systems integrator can view an SBOM to examine binary files and detect issues that may have implications for intellectual property disputes, security risks or general quality.
BlackBerry Jarvis lets you uncover potential risks hidden in the binary package of your complete product. The solution enables you to view your product’s SBOM without bias or having to rely on material provided by suppliers. It can uncover file formats and provide details about files you and your suppliers may not be familiar with. This in turn enables you to assess risk and plan mitigation actions that are appropriate for the level of threat.
Identify All Your Code Vulnerabilities
Security vulnerabilities are software defects that hackers can exploit to attack a system. Companies with sound security practices are vigilant in tracking, managing and remediating vulnerabilities. However, if you are integrating software of unknown provenance (SOUP) and have no access to source code, you may be unknowingly including security vulnerabilities in your product. BlackBerry Jarvis is unique in its ability to help you find vulnerabilities in SOUP. Designed for embedded applications, it supports an extensive list of file formats and hardware architectures used in embedded devices.
You need to identify both the software component and its version to accurately uncover vulnerabilities. If you can’t correctly identify the version, you may miss a vulnerability. Or, you could identify a software component with a vulnerability, but fail to recognize that it has a security update that eliminates that vulnerability. This type of inaccuracy can cost you and your suppliers unnecessary time and manual effort. BlackBerry Jarvis excels in accurately detecting CVEs (Common Vulnerabilities and Exposures) with its ability to identify software versions.
Uncover Coding Weaknesses
While many source code scanners can help you identify coding weaknesses, BlackBerry Jarvis can enable you to both uncover and mitigate them. Using detection rules based on standards such as CWE, MISRA and CERT-C, it raises cautions on suspicious function calls, and provides actionable insights for each one.
BlackBerry Jarvis can help you gauge the risk of coding violations within the context of the entire binary package. For example, if it identifies a code violation within a program with root privilege, or if network access is enabled within the binary, BlackBerry Jarvis flags these as more serious problems. It assesses risk based on a number of factors including Common Vulnerability Scoring System (CVSS) scores and the context of the violation. It provides code snippets to help you track down the location of the code violations and offers recommendations on how to fix them. Identifying coding violations in this way provides assurance of code security to integrators who cannot access the underlying source code of third-party systems.
“BlackBerry Jarvis addresses the software cybersecurity needs of the automotive industry. In our independent study, Jarvis delivered excellent efficiencies in time-to-market, significantly reducing the time to security assess code from thirty days to seven minutes.”
- Dr. Ralf Speth, Former CEO, Jaguar Land Rover
Unlock the Full Power of BlackBerry Jarvis
You can rely on BlackBerry’s trusted cybersecurity expertise to harness the full power of BlackBerry Jarvis. Our embedded security professionals are ready to help you dive deeper into the results of your software analysis, and to identify areas that need hardening and remediation actions. We can also help your organization meet cybersecurity regulations from both the process and product perspectives.
Learn how BlackBerry Jarvis brings critical insights on vulnerability exposure to embedded developers and systems integrators across the automotive, healthcare, industrial automation, aerospace, and defense industries.
Find out how our embedded security experts can help you assess and address software security issues, both in development and in the field.