08 August 2017 00:00 ET
Powered by Insignary Clarity™, it enables OEMs, developers, and users to perform binary security scanning of open source software that is the foundation for the majority of embedded parts and IoT devices.
SUNNYVALE, CA--(Marketwired - August 08, 2017) - Insignary, the global leader in binary-level open source software security and compliance, unveiled today its free, open source software binary code scanning service TruthIsIntheBinary.com. Powered by Insignary Clarity™ binary code scanning software, TruthIsIntheBinary.com enables OEMs, developers and users to quickly and easily scan open source software in their embedded applications and IoT devices. TruthIsIntheBinary.com identifies SambaCry, Devil's Ivy, Heartbleed, Ghost and Venom, among more than 91,000 known security vulnerabilities -- helping to neutralize what industry experts see as an IoT security "ticking time-bomb."
TruthIsIntheBinary.com is easy to use. OEMs and developers start by uploading an uncompressed binary file to the site. Any executable file created to run on 99% of existing computing platforms may be scanned -- including smart phone apps people download from app stores. The service scans the software in just a few minutes. Users receive a report of the scanned software that includes the number of potential security issues and their level of severity. With this information, OEMs and developers can look to address the security vulnerabilities with patches or newer versions of the software.
"Innovation in the IoT technology sector has been powered by open source software. We will continue to see a mass proliferation of embedded parts and IoT devices and services that rely on projects, like Linux, to increase business efficiency and improve people's lives," said TJ (Taejin) Kang, CEO of Insignary, Inc. "Unfortunately, unless OEMs and developers can effectively secure the IoT devices they sell, critical corporate and community infrastructure will be vulnerable to attack. Our free TruthIsIntheBinary.com service, which is powered by our Clarity software, gives OEMs and developers the ability to uncover security threats at the binary level. When they see how effective the service is, at some point they might consider using our full-featured version of Clarity, where they will get a significantly more detailed report. We have and will continue to deliver the products and services that support the open source community."
Gartner Inc. estimates that there will be 20.4 billion IoT-connected components worldwide by 2020, up from the estimated 8.4 billion this year. According to a 2017 Boston Consulting Group report, the market for IoT products and services is expected to reach $267 billion by 2020. The report also predicts that by 2020, 50% of IoT spending will be driven by discrete manufacturing, transportation and logistics, and utilities -- critical areas of businesses and community infrastructure.
According to a newly released PwC report, researchers found that only 35% of approximately 9,700 companies polled said they had an IoT security strategy in place. While many companies are expanding their use of connected devices and sensors that collect and send operating or customer data back into digital business tools to drive decision-making, only 28% say they have begun to implement added security needed to guard against the increased risk of a cyberattack created by IoT networks.
Most of the software built into embedded parts and IoT devices uses open source software components. While newer versions of these components are available without the security vulnerabilities, OEMs and developers often neglect to use them or don't realize they exist. Additionally, third-party software that OEMs and developers purchase for their IoT applications is distributed in binary format without the source code, making it extremely difficult to identify any potential security vulnerabilities.
Insignary Clarity enables proactive scanning of embedded firmware or any binaries for known, preventable security vulnerabilities, and also identifies potential license compliance issues. It uses unique fingerprinting technology, which works on the binary-level without the need for source code or reverse engineering. This makes it easy for OEMs and developers to take proper, preventive action before the deployment of their products.
Insignary Clarity, in addition to identifying license compliance issues, enables proactive scanning of embedded firmware for known, preventable security problems to facilitate "security by default." It provides increased confidence to security and compliance teams in the deployment of products containing open source software.
While some solutions offer exact matches to known binaries using checksum algorithms, this only works in situations where there is a standard repository for binary components. In the embedded Linux space there are numerous locations where binary components may be sourced. Additionally, checksums change if the same file has been compiled even slightly differently. With Linux it is extremely difficult to match most binaries to known binaries with checksum scanning.
Insignary does away with checksum scanning. It uses algorithms that leverage fingerprinting through symbol and string table comparisons to read binary code in firmware. This allows high fidelity scanning and results without any need for reverse engineering.
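The contrast between checksum matching and string-based fingerprinting described above can be shown with a small added example. It is not Insignary's code or algorithm, only a simplified illustration; the component name `libexample`, its strings, the byte blobs and the 0.6 threshold are all constructed for the demonstration.

```python
import hashlib
import re

# Constructed stand-ins for two builds of one component: shared embedded
# strings, different surrounding machine code, ordering and compiler banner.
BUILD_A = (b"\x7fELF\x02\x01\x01\x00\x55\x48\x89\xe5"
           b"libexample 1.0.2\x00ex_parse_header\x00ex_read_record\x00"
           b"invalid record length %d\x00\xc3\x90\x90")
BUILD_B = (b"\x7fELF\x01\x01\x01\x00\xe9\x2d\x40\x00\xf0"
           b"ex_read_record\x00invalid record length %d\x00"
           b"libexample 1.0.2\x00GCC: (constructed) 6.3\x00\x1e\xff\x2f\xe1")
UNRELATED = b"\x7fELF\x02\x01\x01\x00other_tool 3.4\x00usage: other_tool [-v]\x00"


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def printable_strings(blob, min_len=6):
    """Like strings(1): the set of printable ASCII runs of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, blob)}


# Reference data built from the one "known" build (BUILD_A).
KNOWN_HASHES = {sha256_hex(BUILD_A): "libexample 1.0.2"}
FINGERPRINTS = {"libexample 1.0.2": printable_strings(BUILD_A)}


def identify(blob, threshold=0.6):
    """Return (checksum match or None, {component: share of its strings found})."""
    by_hash = KNOWN_HASHES.get(sha256_hex(blob))
    found = printable_strings(blob)
    by_strings = {}
    for name, fingerprint in FINGERPRINTS.items():
        score = len(fingerprint & found) / len(fingerprint)
        if score >= threshold:
            by_strings[name] = round(score, 2)
    return by_hash, by_strings


if __name__ == "__main__":
    for label, blob in (("A", BUILD_A), ("B", BUILD_B), ("other", UNRELATED)):
        print(label, identify(blob))
```

The rebuilt binary has a different SHA-256 and one symbol name missing, so the checksum lookup fails while three of the four reference strings still identify the component.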
Pricing & Availability
TruthIsIntheBinary.com is available today and at no cost for uncompressed binary files that are less than 5MB in size. If users would like a significantly more detailed version of the report, they can contact Insignary regarding a fully licensed version of Insignary Clarity software or its cloud-based solution. Pricing for the Insignary Clarity software or cloud-based solution can be obtained by contacting Insignary or visiting the website at www.insignary.com.
About Insignary, Inc.
Founded in 2016, venture-backed Insignary is the global leader in binary-level open source software security and compliance. Through its Insignary Clarity and TruthIsIntheBinary.com software and cloud-based solutions, the company enables scanning of software in binary format to uncover and address Open Source security and license compliance issues. For more information please visit www.insignary.com.
Insignary, Insignary Clarity and TruthIsIntheBinary are trademarks or servicemarks of Insignary, Inc. All other brands, trademarks or servicemarks are the property of their respective owners.