Capability helps device manufacturers find vulnerabilities in packages from their suppliers
Vulnerabilities in the software supply chain are costing device manufacturers business. Threats like Treck TCP/IP and ThroughTek Kalay P2P SDK continue to emerge, and according to a recent Ponemon Institute report, nearly 60% of organizations have lost revenue due to product security concerns. Finite State, the product security leader for connected devices, has unveiled a way to reduce the business risk of those vulnerabilities through advanced binary analysis.
Device manufacturers use board support packages (BSPs) and software development kits (SDKs) from third-party vendors and developers, often without knowing what is inside them. Because these packages are essentially black boxes, any insecure configuration files make it easier for threat actors to carry out privilege escalation attacks, brute force attacks, and other potentially disastrous breaches.
Finite State’s advanced binary analysis enhances automated zero-day vulnerability detection to eliminate blind spots in developer libraries. This capability goes beyond the source code-based software as a service (SaaS) offerings to catch the vulnerabilities those tools miss.
“Manufacturers are inherently trusting the developers of SDKs and BSPs, but recent vulnerabilities like Log4j, ThroughTek, Realtek, and DNSpooq prove they shouldn’t be so trusting,” said Jeff Martin, VP of Product at Finite State. “Our advanced binary analysis finally gives manufacturers visibility into these packages that are being added to their firmware unchecked.”
In addition to making it possible for security teams to see into these black boxes, Finite State’s advanced binary analysis saves them the time and effort of extensive manual testing. This essential feature ensures that products are more secure before they are shipped and allows organizations to quickly assess their third-party components for zero-day vulnerabilities and Common Vulnerabilities and Exposures (CVEs), protecting customer relationships and brand reputation and guarding against potential loss of revenue.