Program Analysis

Binarly, a leading provider of software supply chain security solutions, today released the Binarly Transparency Platform 3.5 with Java ecosystem support, full enterprise-grade YARA integration, and operational upgrades designed to meet the speed and scale of modern product security workflows.

Cryptographic algorithms protect critical properties of modern software. With the potential danger posed by the advent of quantum computers, it has become more important for companies to identify which algorithms are present in the systems they use or ship to customers. While mature algorithm usage detection solutions for languages which target the JVM are readily found when working at the source code level (e.g. CodeQL, Semgrep), solutions working at the bytecode level are less prevalent, outdated, or do not provide comprehensive coverage.

Software mitigations play a critical role in the quest to secure the digital world. Shortly after the discovery and the rise of buffer overflows in the 90s, mitigations were introduced in the software ecosystem and eventually made their way into virtually any piece of software we run on our devices: from browsers to web servers, from OS kernels to userspace applications. Mitigations are typically designed to address one or more classes of vulnerabilities, making their exploitation more difficult. For example, while exploiting a stack overflow without any deployed mitigation is straightforward, the presence of properly implemented stack canaries requires chaining additional vulnerabilities or leveraging more complex techniques to bypass this protection.

The accidental leakage of sensitive information like API keys and passwords, commonly from container images, poses significant risks, requiring thorough scanning to prevent exposure. Challenges in secret detection include managing diverse secret formats, minimizing false positives, and ensuring high performance to avoid CI/CD delays.

Learn how Binarly enhances decompiled code by recovering meaningful type info—boosting binary analysis, triage, and reverse engineering accuracy.

Binarly's reachability analysis cuts through alert fatigue by identifying which vulnerabilities are actually exploitable. By focusing on real execution paths and environment context, it helps teams prioritize what truly matters and ignore the noise.

In April 2025, Gartner released its Market Guide for Software Supply Chain Security (SSCS), highlighting three core objectives for enterprise CISOs (Chief Information Security Officers) and cybersecurity leaders to prioritize.

In this blog post, the Binarly REsearch team introduces a novel methodology for detecting UEFI bootkits by analyzing their unique code behaviors. By starting from an in-depth analysis of known bootkits, we identify features that can be used for generically detecting bootkits and build rules that we used for hunting new unknown bootkits. Then, we show how these rules can be even further improved, by leveraging advanced static analysis techniques, semantic detection and ML-based clustering.

The all-new Binarly Transparency Platform v2.8 represents a pivotal leap forward in our engineering and product development processes as we shift to a more agile, monthly release cadence. This latest release introduces advanced image diffing, refined role-based access control (RBAC), and enhanced vulnerability detection capabilities, marking a significant step forward in the cybersecurity landscape.

New cryptographic reachability and PQC compliance features position forward-looking organizations to meet evolving NIST standards with confidence.

Binarly unveils Binary Risk Hunt with advanced capabilities to identify known vulnerabilities and firmware implants, map dependencies (including transitive dependencies), and to generate comprehensive SBOM (Software Bill Of Materials).

Binarly releases Binary Risk Hunt, a free vulnerability scanner with software bill of material generator.

Binarly Unveils Transparency Platform 2.5 with Advanced Reachability Analysis

We've incorporated a year of research and feedback into Binarly Transparency Platform v2

Discover why scalable vulnerability analysis demands automation. Learn about critical firmware-specific vulnerabilities, like BatonDrop (CVE-2022-21894), affecting Microsoft Windows bootloaders.

Explore UEFI firmware vulnerabilities with efiXplorer v5.2 [Xmas Edition]. Enhance your code analysis and SMM call-out detection capabilities. Upgrade now!

Explore ARM-Based Firmware Support in efiXplorer v5.0 LABScon Edition. Upgrade your UEFI analysis with BINARLY's latest tool for in-depth research.

Discover how symbolic execution uncovers UEFI firmware vulnerabilities with BINARLY's expert efiXplorer team. Elevate your bug detection game today!

Transform firmware threat detection with BINARLY's scalable solution. Discover advanced binary code inspection for effective threat hunting.

Discover how Intel efficiently detects firmware vulnerabilities at scale in this insightful BSSA DFT case study. Uncover key findings and strategies.

Enhance threat detection with more than just firmware integrity. Learn why relying solely on integrity checking may not suffice for effective security measures.