US-based ReversingLabs has launched a new supply chain security tool that is powered by artificial intelligence-driven complex binary analysis to uncover material risk.
The solution, called Spectra Assure, mixes AI and complex binary analysis to provide “unparalleled” protection against software supply chain attacks for software producers, as the company put it.
It also generates critical risk analyses for enterprise software buyers, according to Tomislav Peričin, co-founder and the current chief software architect of ReversingLabs.
He said there is a rapidly growing appetite for this and similar solutions, mainly from large, cross-border firms that transfer and process a lot of sensitive information and personal information, such as banks, insurance firms, pension funds and payment processors.
As a result, a range of large investors have allocated capital in recent years to ReversingLabs, a venture capital-backed company that has raised around $81 million so far.
Among the most prominent backers are Crosspoint Capital Partners, Prelude Fund Services, Forgepoint Capital Management and JPMorgan Chase & Co.
Binary analysis
Complex binary analysis is an increasingly common cybersecurity technique used to scrutinise complex software and single out bugs, malware and other vulnerabilities, such as unauthorised modifications, without needing access to the source code.
The tech leverages algorithms to deconstruct and read binary code to provide an analysis of software behaviour and security risks at machine level.
Peričin stressed that traditional application security testing solutions – such as static application security testing, software composition analysis and dynamic application security testing – have severe limitations.
“They may only focus on open-source software, and are not designed to identify malware or malicious components, and cannot analyse the entire software package,” he noted.
In contrast, Peričin continued, his company’s new solution “provides a build exam that accurately identifies malware and tampering before the actual release or deployment.”
He explained that the new feature runs through entire software systems, including much larger packages, to identify and lay bare threats.
The entire process should not take more than a few minutes, he said.
Unauthorised modifications
Apart from the AI analysis and threat detection, the new tool also includes tampering identification to spot non-permitted modifications and to validate the integrity and quality of software systems.
In fact, Peričin said “a secrets detection feature” uncovers hidden information, including sensitive and coded data, addresses critical security flaws and can produce a list of all software components that should or should not be present in the system.
“It enables software producers and their enterprise buyers to identify compliance issues, exposures and threats like malware, tampering, vulnerabilities, mitigation guidance, exposed secrets, and license issues – all without the need for source code,” Peričin summarised.