Latest news with #BinarlyTransparencyPlatform


Business Wire
14-05-2025
Binarly Patents New Method for Reachability Analysis for Binary Executables
SANTA MONICA, Calif.--(BUSINESS WIRE)--Binarly, a leading firmware and software supply chain security company, has been awarded U.S. Patent No. 12,287,885 for its invention of a new method for computing context-sensitive reachability analysis metrics across binary executables. The patented invention determines not only whether a vulnerability exists, but how easily it could be exploited in a given real world environment.

Read the full patent (PDF). The reachability analysis technology has already been fitted into the company's flagship Binarly Transparency Platform and is currently running at scale across global enterprise deployments.

As documented in this whitepaper, the patented techniques decompose one or more binary executables (or containers of executables) into their constituent components and associated configuration artifacts. For each component, Binarly's new method constructs inter-procedural control-flow graphs (ICFGs) and code cross-reference graphs, identifies entry points, and computes reachability metrics for every program location. Crucially, the innovation extends traditional static analysis by integrating context-aware reachability: it factors in real-world runtime properties (loaded libraries, boot scripts, or container entry-point configurations) to produce a reachability metric that reflects how the software actually runs in production.

While existing vulnerability scanners flag potential security flaws without discriminating whether those flaws can ever be reached during execution, Binarly's patented solution advances the field by:

- Quantifying Exploitability: Assigning metrics to code paths that gauge the difficulty of navigating from a valid entry point to a vulnerable instruction.
- Environment Contextualization: Incorporating runtime artifacts (e.g., init scripts, container manifests, file-system permissions) to refine which code paths are truly viable in a target deployment.
- Joint and Inter-Component Analysis: Extending reachability computations across multiple executables or libraries, revealing cross-binary vulnerabilities that static tools often miss.

'Understanding if and how a vulnerability can be reached in a real environment is a critical part of sharp, actionable cybersecurity,' said Alexander Matrosov, Binarly founder and one of the patent's inventors. 'This patent solidifies our breakthrough approach: moving beyond static vulnerability counts and toward a risk-centric, context-aware reasoning model that aligns remediation efforts with real-world exploitability.'

Binarly has publicly documented its approach to reachability analysis in this white paper. The Binarly research team has separately secured US patents for CBOM generation from binaries (U.S. Patent No. 12153686) and a machine learning technique to optimize large-scale binary analysis (U.S. Patent No. 12236262).

About Binarly

Binarly is a U.S.-based firmware and software supply chain security company founded in 2021. The flagship Binarly Transparency Platform helps device manufacturers, OEMs and enterprise product security teams to detect vulnerabilities, misconfigurations, secrets, and malicious code in devices and software supply chains. Leveraging decades of research and program analysis expertise, we secure businesses, critical infrastructure, and consumers, while also assisting organizations in transitioning to a post-quantum cryptography (PQC) environment. For more information, visit
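
A minimal sketch of the context-aware reachability idea described in this release, added here as an illustration; it is not Binarly's code or the patented method. The component names, call graph and init script are constructed, and hop count from a live entry point is an assumed stand-in for the reachability metric, which the release does not define.

```python
from collections import deque

# Constructed sample: call edges within and across components (names hypothetical).
CALL_GRAPH = {
    "httpd:main": ["httpd:handle_request"],
    "httpd:handle_request": ["httpd:parse_header", "libimg.so:decode"],
    "libimg.so:decode": ["libimg.so:read_chunk"],   # cross-component edge above
    "diagtool:main": ["diagtool:dump"],
    "diagtool:dump": ["libold.so:unpack"],
}
ENTRY_POINTS = {"httpd": "httpd:main", "diagtool": "diagtool:main"}
VULNERABLE = ["libimg.so:read_chunk", "libold.so:unpack"]

# Constructed deployment artifact: only httpd is started at boot.
INIT_SCRIPT = "#!/bin/sh\n/usr/sbin/httpd -f &\n# /usr/bin/diagtool --once\n"


def started_components(init_script):
    """Return basenames of binaries launched by non-comment script lines."""
    started = set()
    for line in init_script.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and the shebang
        if line:
            started.add(line.split()[0].rsplit("/", 1)[-1])
    return started


def hop_distances(graph, roots):
    """Breadth-first search: fewest call edges from any root to each function."""
    dist = {root: 0 for root in roots}
    queue = deque(roots)
    while queue:
        node = queue.popleft()
        for callee in graph.get(node, []):
            if callee not in dist:
                dist[callee] = dist[node] + 1
                queue.append(callee)
    return dist


def reachability(graph, entry_points, vulnerable, init_script=None):
    """Map each vulnerable location to its hop distance, or None if unreachable.

    Without an init script every entry point is a root (context-free view);
    with one, only components the script starts contribute roots.
    """
    roots = list(entry_points.values())
    if init_script is not None:
        live = started_components(init_script)
        roots = [fn for comp, fn in entry_points.items() if comp in live]
    dist = hop_distances(graph, roots)
    return {loc: dist.get(loc) for loc in vulnerable}
```

Comparing `reachability(CALL_GRAPH, ENTRY_POINTS, VULNERABLE)` with the same call passing `INIT_SCRIPT` shows the finding in `libold.so` dropping out once the deployment context is applied, while the cross-component path into `libimg.so` remains.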


Business Wire
23-04-2025
Binarly Transparency Platform 3.0 Adds Real‑Time Threat‑Intelligence Prioritization and Exploitation Maturity Scoring
(BUSINESS WIRE)--Binarly, a leading firmware and software supply chain security company, today announced the rollout of its flagship Binarly Transparency Platform 3.0, a major update that fuses live threat‑intelligence signals with an exploitation‑aware scoring system to help enterprise teams prioritize the mitigation of vulnerabilities with the most immediate risk.

The release introduces Threat Intelligence Monitoring, a service that tracks public proof‑of‑concept code, ransomware activity, and private telemetry to flag actively exploited flaws the moment they surface. These signals feed a new Exploitation Maturity Score (EMS) that replaces probabilistic models with evidence‑based weighting, giving defenders a clear, continuously updated view of true risk.

The company's research team built EMS to measure the present rather than guess the future; historical shifts in the score are charted inside the dashboard so security owners can watch risks rise or recede as exploits mature, proof‑of‑concept code stabilizes, or a vulnerability lands in CISA's KEV (Known Exploited Vulnerabilities) catalog. Because the monitoring stack is developed and curated in‑house, intelligence updates flow to customer consoles without delay.

'Security teams are tired of probabilistic risk scores that read like weather forecasts,' said Alex Matrosov, Binarly's CEO and Head of Research. 'EMS puts hard evidence on the table with live data on exploit code, ransomware payloads, and breach telemetry so our customers can see, in real time, which vulnerabilities are being weaponized.'

The Binarly Transparency Platform refresh also debuts Auto‑Advisories and VEX generation to streamline coordinated disclosure when a customer uses the platform to discover new issues in third‑party code, as well as the first wave of Global Search, a cross‑inventory query engine that pulls answers from every product, component, and artifact in seconds. The feature list also includes new export options to simplify hand‑offs to engineering and audit teams, while purpose‑built Post‑Quantum Compliance and Secure‑by‑Design reports translate deep binary analysis into board‑level action plans.

'Our goal with every release is to take noise off the dashboard and put the right signals around what matters,' Matrosov added. 'By linking binary‑level analysis with real‑time intel and clear remediation paths, the platform lets enterprise security teams spend less time sorting data and more time fixing what keeps them up at night.'

Under the hood, Binarly has upgraded its code‑analysis engine with smarter handling of stubs and fix‑ups, clearer evidence paths for unknown vulnerabilities, and an expanded library of Deep Vulnerability Analysis (DVA) checkers focused on UEFI input‑validation flaws. The update also adds detection logic for abnormal PE parsing in firmware modules, a microcode‑specific vulnerability checker, compiler‑and‑build metadata extraction for stronger SBOM validation, cryptographic artifact discovery, and a secret‑detection workflow that now auto‑validates potential credentials to cut false positives.

The latest release builds on existing technologies providing reachability analysis, post‑quantum migration tooling, and RBAC collaboration features, extending the platform's reach from visibility to prioritization defined by what is happening in the wild.

About Binarly

Binarly is a U.S.-based firmware and software supply chain security company founded in 2021. The flagship Binarly Transparency Platform helps device manufacturers, OEMs and enterprise product security teams to detect vulnerabilities, misconfigurations, secrets, and malicious code in devices and software supply chains. Leveraging decades of research and program analysis expertise, we secure businesses, critical infrastructure, and consumers, while also assisting organizations in transitioning to a post-quantum cryptography (PQC) environment. For more information, visit

Yahoo
07-02-2025
Binarly Expands Platform to Enable Post-Quantum Compliance Readiness
The all-new Binarly Transparency Platform v2.7 adds cryptographic reachability and PQC compliance features to enable forward-looking organizations to meet NIST standards and deadlines with confidence.

SANTA MONICA, Calif., January 30, 2025--(BUSINESS WIRE)--Binarly, a leader in firmware and software supply chain security, today announced the release of its flagship Binarly Transparency Platform v2.7, a major update that immediately enables corporate defenders to prepare for a mandatory transition to Post-Quantum Cryptography (PQC) standards.

As quantum computing advances, the National Institute of Standards and Technology (NIST) has issued fresh guidance on Post-Quantum Cryptography (PQC), underscoring the urgency of PQC readiness amid deadlines and regulations. Transitioning large enterprises to meet these new requirements is a lengthy, often complex process.

The latest product update has been fitted with patented technologies to handle discovery, inventorying and assessment of cryptographic assets:

- Cryptographic Keys: Ownership, algorithm identifier, format, and status (active or deprecated) accurately documented.
- Certificates: Validity period, ownership, and algorithm used, captured and displayed in streamlined reports.
- Algorithms: Accurate tracking and identification of algorithms in use, and assessment of their ability to resist quantum attacks.
- Protocols (TLS, etc.): Inventory that includes version and implementation details to track any dependencies.

"Preparedness for PQC can't happen overnight," said Ryan Weekes, Chief Product Officer at Binarly. "Our platform helps you discover which assets need immediate attention while delivering the insights required to align with new regulations for post-quantum readiness."

By identifying outdated or insecure cryptography, enterprises can better manage their transition to post-quantum standards and avoid compliance gaps.

Key PQC-focused enhancements:

- Cryptographic Reachability: Identify which cryptographic algorithms in a binary are actively used, so you can prioritize changes that truly matter.
- PQC Compliance: Track NIST-approved post-quantum algorithms, pinpoint outdated cryptography, and plan targeted updates for quantum-safe security.
- Enhanced CBOM and Reporting: Build a robust inventory of certificates, keys, and algorithms while generating streamlined reports for cross-team collaboration.

"Our new cryptographic reachability feature cuts through false positives to highlight exactly which algorithms are actively in use," said Alex Matrosov, CEO and Head of Research at Binarly. "Enterprises gain an actionable blueprint to modernize their cryptographic assets and stay ahead of regulatory mandates."

With v2.7, the Binarly Transparency Platform introduces key feature improvements, performance upgrades, and critical updates to better support software supply chain transparency, vulnerability remediation, and regulatory compliance.

About Binarly:

Binarly is a U.S.-based firmware and software supply chain security company founded in 2021. The company's flagship Binarly Transparency Platform helps device manufacturers, OEMs and enterprise product security teams to detect vulnerabilities, misconfigurations, exposed secrets, and malicious code in hardware and software supply chains. Based in Santa Monica, Calif., Binarly applies decades of research and program analysis expertise to securing businesses, critical infrastructure, and consumers. The technology is also powering enterprise migrations to the NIST-mandated post-quantum cryptography (PQC) standards.

Contacts

Media Contact: Tyler King, tyler@ 818-351-9637