January 29, 2025

Binarly Transparency Platform v2.7 Hits New Milestone, Propelling Enterprises Toward Post-Quantum Readiness

New cryptographic reachability and PQC compliance features position forward-looking organizations to meet evolving NIST standards with confidence.

Authors: Ryan Weekes (Chief Product Officer), Alex Matrosov (CEO and Head of Research)

At Binarly, we’ve worked diligently to develop innovative solutions that deliver exceptional results for our customers. In our previous release, Binarly Transparency Platform v2.5, we introduced several standout features, including Binary Reachability Analysis and Cryptographic Materials discovery, as well as our patented CBOM generation capabilities, the most comprehensive available. What truly distinguishes us in the market is our deep visibility into actual code, enabling security teams to act on accurate, actionable insights.

Today’s software supply chain is increasingly complex and sprawling, making it a prime target for threat actors looking to expand their attacks through suppliers. Our product strategy empowers enterprises to SEE every aspect of their software supply chain, FIX vulnerabilities as they arise, and COMPLY with evolving regulations.

Let’s begin with the most innovative features in this release: cryptographic asset reachability analysis and PQC compliance.

Cryptographic Reachability and PQC Compliance

As quantum computing advances, the National Institute of Standards and Technology (NIST) has issued fresh guidance on Post-Quantum Cryptography (PQC), underscoring the urgency of PQC readiness amid deadlines and regulations. Transitioning large enterprises to meet these new requirements is a lengthy, often complex process. Which assets, for example, are truly crucial for ensuring a smooth and secure shift to the post-quantum era?

  • Cryptographic Keys: Ownership, algorithm identifier, format, and status (active or deprecated) should all be documented.
  • Certificates: Validity period, ownership, and algorithm used should all be captured.
  • Algorithms: It’s important to track and identify algorithms that are vulnerable to quantum attacks.
  • Protocols (TLS, etc.): The inventory should include version and implementation details to track any dependencies.

Building a well-structured and robust inventory is a top priority for PQC readiness. The Binarly Transparency Platform not only discovers certificates and cryptographic keys within firmware images or container file systems, but goes a step further by analyzing code to map the cryptographic assets embedded in binaries and software packages.

Our new cryptographic reachability analysis helps cut through the noise. For example, when OpenSSL is statically linked, traditional Software Composition Analysis (SCA) tools often generate hundreds of false positives tied to OpenSSL code that isn’t actually used by the binary. Cryptographic Reachability lets you validate those findings, helping security teams focus on what truly matters.

One of the most important tasks for any enterprise is planning and executing the discovery of outdated algorithms and cryptographic assets that need replacing or upgrading. For a comprehensive risk assessment, it’s essential to continuously monitor the assets – both for proactive risk management and for compliance – by tracking progress toward quantum readiness.
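One way to act on such an inventory, as an added example that is not Binarly’s code: it combines the asset fields listed above with a reachability flag to rank what to migrate first. The asset structure, the sample inventory and the priority scheme are constructed here; the algorithm sets follow the NIST PQC standards (FIPS 203/204/205) rather than any platform-specific rule.

```python
# Added example (not Binarly's code): rank a cryptographic asset inventory for
# PQC migration. Asset fields, reachability flags and the sample are constructed.
from dataclasses import dataclass

# Public-key algorithms broken by Shor's algorithm (quantum-vulnerable) and the
# NIST-standardized PQC replacements (FIPS 203/204/205). Symmetric ciphers and
# hashes are only weakened by Grover, so they are reviewed for size, not replaced.
QUANTUM_VULNERABLE = {"RSA", "DSA", "ECDSA", "EdDSA", "ECDH", "DH"}
PQC_APPROVED = {"ML-KEM", "ML-DSA", "SLH-DSA"}

@dataclass
class CryptoAsset:
    kind: str        # "key", "certificate", "algorithm" or "protocol"
    name: str        # path, subject or symbol where the asset was found
    algorithm: str   # algorithm family, e.g. "RSA", "ML-KEM"
    key_bits: int    # 0 when unknown or not applicable
    status: str      # "active" or "deprecated"
    reachable: bool  # True when code analysis shows the asset is actually used

def classify(asset):
    if asset.algorithm in PQC_APPROVED:
        return "pqc-compliant"
    if asset.algorithm in QUANTUM_VULNERABLE:
        return "quantum-vulnerable"
    return "symmetric-or-hash"

def priority(asset):
    """Lower number means act first. Reachable, active, quantum-vulnerable
    assets lead; unreachable or already-deprecated ones are noise here."""
    cls = classify(asset)
    if cls == "pqc-compliant":
        return 4
    if cls == "symmetric-or-hash":
        # Grover halves effective symmetric strength: flag anything under 256 bits
        # (including unknown sizes, recorded as 0) for review rather than replacement.
        return 3 if asset.key_bits < 256 else 4
    if not asset.reachable or asset.status == "deprecated":
        return 2
    return 1

def migration_plan(inventory):
    """Return [(priority, asset.name, classification)] sorted action-first."""
    return sorted((priority(a), a.name, classify(a)) for a in inventory)

# Constructed sample inventory standing in for scanner output.
SAMPLE = [
    CryptoAsset("key", "/etc/ssl/private/server.key", "RSA", 2048, "active", True),
    CryptoAsset("certificate", "CN=build-signer (expired)", "ECDSA", 256, "deprecated", True),
    CryptoAsset("algorithm", "libcrypto: X25519", "ECDH", 255, "active", False),
    CryptoAsset("algorithm", "libcrypto: AES-128-GCM", "AES", 128, "active", True),
    CryptoAsset("algorithm", "liboqs: ML-KEM-768", "ML-KEM", 768, "active", True),
]
```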

Empowering Secure-by-Design at Scale

The Binarly Transparency Platform is a data platform that helps identify the most critical data insights related to software supply chain security risks. We help software developers and enterprises ensure that vendors and suppliers follow Secure by Design principles and the Secure Software Development Framework (SSDF).

Identifying unsafe functions (CWE-676) in products or components broadly used across enterprise infrastructure is key to revealing which suppliers fail to adequately support their codebases or comply with Secure Software Development Lifecycle (SSDLC) practices. Although discovering these unsafe functions may not always lead to security vulnerabilities, it remains crucial to measure and monitor such risks and codebase health in the context of Secure-By-Design compliance.

We don’t just detect unsafe functions in specific software components; we also identify what those functions are and where they reside in the code. This level of detail makes the findings actionable for deeper investigation or risk assessment across targeted codebases or compiled components.

This is especially useful for tracking SLAs with third-party software and managing wider risks across the software supply chain.

Enhanced Transparency Reports

All of these findings are vital for ensuring visibility and understanding risk, but it’s equally important to effectively navigate, prioritize, and share them with the right stakeholders. In response to customer feedback on the previous version, we’ve completely redesigned and rebuilt our reports – equipping teams with enhanced transparency and compliance tools across the software supply chain.

At Binarly, a pioneering spirit is one of our core values – fueling our commitment to deliver the most effective and innovative products on the market. The all-new Binarly Transparency Platform v2.7 contains major capabilities to help security teams more efficiently identify and resolve critical issues related to software supply chain security. This release scales Secure by Design principles for both development and procurement teams, enabling them to address the most pressing software supply chain gaps. Stay tuned for v3.0, coming soon! 🤙

CHANGELOG v2.7

Binarly Transparency Platform v2.7 introduces new features, performance upgrades, and critical updates to better support software supply chain transparency, vulnerability remediation, and regulatory compliance.

New features

  • Cryptographic reachability
    Prioritize actionable findings by seeing which cryptographic algorithms in a binary are reachable (actively used).
  • Vendor signed ELF binaries
    Detect signed Linux ELF binaries and see their cryptographic details.
  • Unsafe functions
    See any insecure C/C++ library functions used in binaries and get suggestions on safer alternatives that align with Secure by Design principles.
  • Known fixes
    Find out which dependency vulnerabilities have fixes available and see the fix details.
  • Post-quantum cryptography compliance
    Understand which cryptographic algorithms in use comply with NIST guidance on post-quantum readiness (i.e. NIST IR 8547) and see what changes are needed for non-compliant algorithms.
  • Secure by Design
    Detect software development practices that aren’t aligned with CISA’s Secure by Design principles and the NIST SP 800-218 Secure Software Development Framework (SSDF). Improvements
  • Better grid controls
    A new filter drawer and more column options that give more flexibility and control over how you filter, sort and search within the Findings grid, making it easier to get the view you want.
  • Next-generation binary scanner
    We rewrote the core of our scanner, making scans 2.5x faster on average, and introduced parallel scanning to enable even bigger boosts when scanning Docker containers, ISO images, and firmware.
  • Enhanced reports
    New Image and Finding reports with more detail that are easier to read, plus the ability to generate customized reports based on filters.
  • Detection and findings updates
    • Suggestions for Linux kernel hardening mitigations.
    • Detection and aggregation of complex vulnerabilities that span multiple binaries for a more comprehensive view of risks.
    • More robust detection of UEFI mitigations under different build configurations (handling of function inlining, outlining, etc.) including improved checks for Stack Guard and stack canaries.
    • Added new code-driven detections for vulnerable bootloaders.
