BlackBerry and Deloitte are teaming up to assist OEMs and those building mission-critical applications secure their software supply chains.
As part of the agreement, Deloitte will leverage BlackBerry’s software composition analysis tool, BlackBerry Jarvis to provide Open-source Software (OSS), Common Vulnerabilities and Exposures (CVE) and Software Bill of Materials (SBOM) analysis on behalf of their clients across the medical, automotive and aerospace industries, empowering them to keep software safe and secure based on the actionable intelligence the platform provides.
A G7 Transportation Ministry has selected the companies’ joint software and services offering to ensure the security of its traffic management and broader transportation infrastructure.
“We’re thrilled to partner with Deloitte to help OEMs and those responsible for critical infrastructure better understand their embedded systems security challenges with a view to ensuring their end products are both secure and updated with the most recent security patches,” said Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions.
“Just as a health-conscious grocery shopper can benefit from scrutinizing nutrition labels on food packages, an embedded software developer can gain a whole host of insights by leveraging tools and expertise that enable them to detect issues in their supply chain that may have real implications for intellectual property disputes, security risks and overall quality.”
Designed to address the increasing complexity and growing cybersecurity threats among multi-tiered software supply chains, BlackBerry Jarvis empowers OEMs to inspect the provenance of their code and every single software asset that comes into their overall supply chains to ensure their products are both secure and updated with the most recent security patches.
BlackBerry Jarvis addresses the need to identify and remediate vulnerabilities by identifying them and then providing deep actionable insights in minutes – something that would otherwise involve manual scanning that would take large numbers of experts and an impractical amount of time.
“Deloitte is very excited to partner with BlackBerry. Our already productive relationship will focus on key mobility and other market opportunities.Â
We’re confident that BlackBerry’s deep security heritage and expertise complimented by Deloitte’s world leading Risk Advisory teams will create a compelling value proposition for new and existing clients,” said Stephen Meagher, Director of IOT for Risk Advisory, Deloitte.
Built on the company’s decades of cybersecurity expertise and proprietary technology, Jarvis is a one-of-its-kind cloud-based static binary code scanning solution that identifies vulnerabilities in software used in automobiles.
Jarvis scans and delivers deep actionable insights in minutes, what would otherwise involve manually scanning that will take large numbers of experts and an impractical amount of time.
Exacerbating the challenge for OEMs is the fact that vehicles use hundreds of software components, many of which are written by an expansive network of third-party suppliers spread across several tiers. This distributed supply chain offers many advantages while also increasing opportunities for human error that can slow down production cycles and impact overall quality.
BlackBerry Jarvis inspects binary files in an easy, quick, scalable, and cost-effective way, and delivers deep insights into the quality and security of software components.
A modern car has over 100 million lines of software. As the software in a car grows so does the attack surface, which makes it more vulnerable to cyberattacks. Each poorly constructed piece of software represents a potential vulnerability that can be exploited by attackers.
Offered on a pay-as-you-go usage basis, Jarvis is customized for the unique needs of each OEM and their entire software supply chain. Once initiated, automakers will have online access to Jarvis and can scan any number of binary files at every stage of software development. This includes the capability to evaluate new software under consideration as well as the ability to assess existing software already in production.
Once scanned, development teams have immediate access to the results via user-friendly dashboards with specific cautions and advisories.
In addition to cost and time savings, BlackBerry Jarvis helps ensure that production software adheres to industry standards such as MISRA and CERT, and enables OEMs to define custom rules to meet organization-specific objectives.
