LOS ANGELES -- October 8, 2024 -- Binarly, provider of the industry leading AI-powered firmware and software supply chain security platform, today unveiled Binary Risk Hunt with advanced capabilities and tooling to help defenders find and fix persistent software supply chain vulnerabilities.
Binary Risk Hunt expands on the successful FwHunt.RUN project and includes first-of-its-kind technology to identify known vulnerabilities and firmware implants, map dependencies (including transitive dependencies), and to generate comprehensive SBOM (Software Bill Of Materials).
Key features of Binary Risk Hunt v1.0 include
Over the past three years, Binarly’s freely available scanning tools have processed more than 12,000 firmware images, detecting an average of three vulnerabilities per scan, highlighting the ongoing challenges in firmware supply chain security.
The all-new Binary Risk Hunt leverages the patented Binary Risk Intelligence technology to provide comprehensive binary analysis tools for vulnerability detection and SBOM generation -- at no cost!
The service prioritizes user-friendliness and accessibility and enables scans and downloads of SBOM reports without user registration. A user account is only necessary for API access.
Binarly is proud to be the first company offering free, comprehensive binary analysis tools for vulnerability detection and SBOM generation. Our beta release has already exposed over 1,500 critical vulnerabilities and generated 257 SBOMs.
"Assessing the impact of a known software supply chain vulnerability at scale is a challenge that currently lacks a viable solution,” said Alex Matrosov, founder and CEO at Binarly. “Tools like Binary Risk Hunt are crucial for protecting the software supply chain from the recurring failures we see in the wild. Offering these tools for free is part of our commitment to industry-wide software supply chain security, helping companies recover from widespread vulnerabilities affecting their products," Matrosov added.
Binarly is also announcing integrations with partners like the Linux Vendor Firmware Service (LVFS) and Blindspot Software, demonstrating strong industry adoption in the fight against known vulnerabilities and for dependency transparency.
"Binarly's community scanner has become an integral part of our firmware security ecosystem,” said Richard Hughes, maintainer of the Linux Vendor Firmware Service (LVFS), a portal that allows hardware vendors to upload firmware updates for security analysis.
“By scanning most UEFI firmware images uploaded to LVFS, Binarly technology provides a crucial layer of protection against publicly disclosed security issues. This tool empowers OEM vendors and uploaders with valuable insights and the ability to rescan firmware as new rules become available,” Hughes added.
About Binarly
Binarly is a global firmware and software supply chain security company founded in 2021. The company’s flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, OEMs, IBVs and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. Binarly’s validated remediation playbooks have significantly reduced the cost and time to respond to security exposures. Based in Los Angeles, California, Binarly brings decades of research and program analysis expertise to build solutions to protect businesses, critical infrastructure, and consumers around the world.
About Binary Risk Hunt
Binary Risk Hunt is a free service that helps security teams and product owners validate their firmware and software supply chain is truly composed of. A free scan produces a custom report and Software Bill of Materials (SBOM) report, verifying composition and exposing risks lurking below the source code. Try it free at https://risk.binarly.io/