BlackBerry Jarvis, a software composition analysis tool, has been recognized as “Best in Breed” by an Internal Research & Development project (IRAD). The analysis was conducted on behalf of the United States Department of Defense (DoD) by The Aerospace Corporation and recommends the most proficient binary analysis solutions on the market for embedded software, citing BlackBerry Jarvis as the most promising and robust after a rigorous assessment of key players.
As software grows in complexity, it creates an even larger attack surface. Additionally, a number of regulatory changes and standards, such as WP.29 and Software Bill of Materials (SBOM), are coming into effect, which will empower authorities to levy fines against non-compliance or shut down operations completely. The first step in mitigating these risks is the ability to inspect all of the code that comes from suppliers into your supply chains. In environments where safety and security are paramount, it is not economically feasible to manually inspect all third-party binary files to ensure the quality of a multi-tier software supply chain.
At every stage of the software development lifecycle, BlackBerry Jarvis can extract the characteristics and attributes from compiled binaries, even without access to source code, and analyse these files to deliver deep insights into the quality and security of software components.
Brandon Bailey, Cybersecurity Senior Project Leader at Aerospace, comments:
“As a result of its extensive vulnerability coverage and superior test performance, BlackBerry Jarvis appears to be the ideal single-tool solution for embedded platforms.”
BlackBerry Jarvis was tested on the DoD’s in-production and in-orbit satellite systems, as well as ground flight systems and billion-dollar telescopes, and identified more issues much faster than its competitors, including the detection of a purpose-built backdoor in an open-source product which evaded all other tools involved in the process.
Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions, said:
“We are honoured to be recognized as best in breed in this report. We understand the need to iterate and deliver software rapidly, and with BlackBerry Jarvis, tasks that would take upwards of a month to complete can now be automatically remedied within minutes.”
Built on the company’s decades of cybersecurity expertise and proprietary technology, Jarvis is a one-of-its-kind cloud-based static binary code scanning solution that identifies vulnerabilities in software used in automobiles.
Jarvis scans and delivers deep, actionable insights in minutes; doing the same by manual scanning would otherwise take large numbers of experts and an impractical amount of time.
Exacerbating the challenge for OEMs is the fact that vehicles use hundreds of software components, many of which are written by an expansive network of third-party suppliers spread across several tiers. This distributed supply chain offers many advantages while also increasing opportunities for human error that can slow down production cycles and impact overall quality.
BlackBerry Jarvis inspects binary files in an easy, quick, scalable, and cost-effective way, and delivers deep insights into the quality and security of software components.
A modern car has over 100 million lines of software. As the software in a car grows, so does the attack surface, which makes it more vulnerable to cyberattacks. Each poorly constructed piece of software represents a potential vulnerability that can be exploited by attackers.
Offered on a pay-as-you-go usage basis, Jarvis is customized for the unique needs of each OEM and their entire software supply chain. Once initiated, automakers will have online access to Jarvis and can scan any number of binary files at every stage of software development. This includes the capability to evaluate new software under consideration as well as the ability to assess existing software already in production.
Once scanned, development teams have immediate access to the results via user-friendly dashboards with specific cautions and advisories.
In addition to cost and time savings, BlackBerry Jarvis helps ensure that production software adheres to industry standards such as MISRA and CERT, and enables OEMs to define custom rules to meet organization-specific objectives.