BlackBerry Jarvis

Software Composition Analysis for Embedded Systems

Uncover Software Vulnerabilities Across Your Complex Supply Chain

Understanding the software composition and vulnerability exposure of embedded systems can be challenging. This is particularly true in industries like automotive, aerospace and defense, and medical equipment where the challenges of managing material from complex supply chains are compounded by stringent regulatory requirements.

BlackBerry® Jarvis™, our software composition analysis solution, was designed to analyze binaries within complex embedded systems. It lets you scan a complete software product for security vulnerabilities and software craftsmanship without the need for source code. It’s a unique solution that not only enables you to identify potential issues but also recommends strategies for you to remediate them.

“As a result of this coverage and superior test performance, BlackBerry Jarvis appears to be the ideal single-tool solution for embedded platforms.”

Brandon Bailey, Cybersecurity Senior Project Leader, The Aerospace Corporation

BlackBerry Jarvis uncovers issues that may be hidden within your binaries, including development utilities such as Telnet and FTP that can open security backdoors, or Copyleft software, which can pose major risks to your intellectual property.

Discover What’s Hidden in Your Binaries

Do you know what software is running on your shipped embedded systems? A software bill of materials (SBOM) can help you identify critical information about software components. Just as a savvy shopper scrutinizes the nutrition label on a food package, an experienced systems integrator can view an SBOM to examine binary files and detect issues that may have implications for intellectual property disputes, security risks or general quality.

BlackBerry Jarvis lets you uncover potential risks hidden in the binary package of your complete product. The solution enables you to view your product’s SBOM without bias or having to rely on material provided by suppliers. It can uncover file formats and provide details about files you and your suppliers may not be familiar with. This in turn enables you to assess risk and plan mitigation actions that are appropriate for the level of threat.

BlackBerry Jarvis can identify a wide variety of hardware and file types used in embedded systems. Its accurate version identification is the key to reliably uncovering vulnerabilities.

Identify All Your Code Vulnerabilities

Security vulnerabilities are software defects that hackers can exploit to attack a system. Companies with sound security practices are vigilant in tracking, managing and remediating vulnerabilities. However, if you are integrating software of unknown provenance (SOUP) and have no access to source code, you may be unknowingly including security vulnerabilities in your product. BlackBerry Jarvis is unique in its ability to help you find vulnerabilities in SOUP. Designed for embedded applications, it supports an extensive list of file formats and hardware architectures used in embedded devices.

You need to identify both the software component and its version to accurately uncover vulnerabilities. If you can’t correctly identify the version, you may miss a vulnerability. Or you could identify a software component with a vulnerability but fail to recognize that it has a security update that eliminates that vulnerability. This type of inaccuracy can cost you and your suppliers unnecessary time and manual effort. BlackBerry Jarvis excels in accurately detecting CVEs (Common Vulnerabilities and Exposures) with its ability to identify software versions.

BlackBerry Jarvis reveals vulnerabilities introduced at the source code level by analyzing coding standard violations within the larger context of the entire binary.

Uncover Coding Weaknesses

While many source code scanners can help you identify coding weaknesses, BlackBerry Jarvis can enable you to both uncover and mitigate them. Using detection rules based on standards such as CWE, MISRA and CERT-C, it raises cautions on suspicious function calls, and provides actionable insights for each one.

BlackBerry Jarvis can help you gauge the risk of coding violations within the context of the entire binary package. For example, if it identifies a code violation within a program with root privilege, or if network access is enabled within the binary, BlackBerry Jarvis flags these as more serious problems. It assesses risk based on a number of factors including Common Vulnerability Scoring System (CVSS) scores and the context of the violation. It provides code snippets to help you track down the location of the code violations and offers recommendations on how to fix them. Identifying coding violations in this way provides assurance of code security to integrators who cannot access the underlying source code of third-party systems.

“BlackBerry Jarvis addresses the software cybersecurity needs of the automotive industry. In our independent study, Jarvis delivered excellent efficiencies in time-to-market, significantly reducing the time to security assess code from thirty days to seven minutes.”

Dr. Ralf Speth, Former CEO, Jaguar Land Rover

Unlock the Full Power of BlackBerry Jarvis

You can rely on BlackBerry’s trusted cybersecurity expertise to harness the full power of BlackBerry Jarvis. Our embedded security professionals are ready to help you dive deeper into the results of your software analysis, and to identify areas that need hardening and remediation actions. We can also help your organization meet cybersecurity regulations from both the process and product perspectives.

Talk to the Experts in Security for Embedded Systems

Book a free consultation with our security experts to discuss your embedded security needs

Resources

Video

Learn how BlackBerry Jarvis brings critical insights on vulnerability exposure to embedded developers and systems integrators across the automotive, healthcare, industrial automation, aerospace, and defense industries. 

Security Services Brochure

Find out how our embedded security experts can help you assess and address software security issues, both in development and in the field.