Discover and FABLE

Most modern software systems have significant third-party dependencies, often with no source code available. Typically, neither developers nor system users are aware of known, exploitable bugs in this third-party code. Once a vulnerability is disclosed, there is a race between malicious actors trying to exploit it and the defenders of critical infrastructure. Deployed systems must be continuously scanned for known vulnerabilities and patched before attackers breach them. Software Bills of Materials (SBOMs), inventories of the components that make up a piece of software, have emerged as key building blocks in industry best practices and government regulations for securing software that depends on third-party code: an SBOM is what allows a deployed system to be matched against published vulnerability records.

Discover is a binary composition analysis tool that scans software binaries and identifies the known libraries compiled into them, in order to flag the presence of known vulnerable components. It works using a combination of binary analysis and machine learning. It needs no metadata, symbols, or additional build artifacts: it handles stripped binaries and third-party binary dependencies directly. Its matching is robust to differences in compiler version and to minor code changes, so a library is still recognized when it was built with a different toolchain or locally modified. A component match is evidence that vulnerable code may be present; whether the affected function is actually included and reachable in a given binary is a follow-on question for the analyst. Discover is part of our growing AI toolkit for analyzing and securing software.

Beyond application binaries, firmware security has become a critical frontier in cybersecurity: firmware runs on IoT devices and other edge and embedded hardware and remains a frequent target for exploitation. Our technologies REAFFIRM and Discover are key components of our Firmware Automatic BOM Labeling Engine (FABLE) for advanced firmware analysis and Firmware Bill of Materials (FBOM) extraction. Within FABLE, Discover performs machine learning-based similarity analysis to match the code components found in a firmware image against known libraries, identifying which libraries and functionalities the firmware of interest contains.
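The mechanism both paragraphs above rely on, matching the functions of a stripped binary against a corpus of library signatures with a similarity measure that tolerates register renaming, relocated addresses and small code edits, is sketched in the following added example. It is illustrative code written for this page, not Discover's or FABLE's implementation: the signature corpus and the target "disassembly" are hand-constructed pseudo-x86 text, the fingerprint is a set of normalized instruction 3-grams compared by Jaccard similarity (a deliberately simple stand-in for the learned similarity Discover uses), and every library, function and address name in it is invented.

```python
"""Toy binary composition matcher: find known library functions in a stripped
binary by fuzzy similarity of normalized instruction streams.

Illustrative code for this page, not Discover/FABLE. The "disassembly" is
hand-written pseudo-x86 text standing in for real disassembler output."""
import re
from collections import defaultdict

# Operand abstraction: immediates, addresses and registers become placeholders,
# so relocations, compiler versions and register allocation do not change a
# function's fingerprint.
_HEX = re.compile(r"\b0x[0-9a-fA-F]+\b")
_REG = re.compile(
    r"\b(?:r[0-9]+[dwb]?|[re]?(?:ax|bx|cx|dx|si|di|bp|sp|ip)"
    r"|[abcd][lh]|[sd]il|[bs]pl)\b"
)
_DEC = re.compile(r"\b\d+\b")


def normalize(instr: str) -> str:
    """'mov eax, 0x10' -> 'mov REG, IMM': keep mnemonic and operand shape."""
    s = instr.strip().lower()
    s = _HEX.sub("IMM", s)
    s = _REG.sub("REG", s)
    s = _DEC.sub("IMM", s)
    return re.sub(r"\s+", " ", s)


def shingles(disasm, n=3):
    """Fingerprint: the set of n-grams of normalized instructions."""
    norm = [normalize(i) for i in disasm]
    if len(norm) < n:
        return {tuple(norm)}
    return {tuple(norm[i:i + n]) for i in range(len(norm) - n + 1)}


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 1.0


# Constructed signature corpus: library -> function -> disassembly.
LIBRARY_DB = {
    "libcrc": {
        "crc_update": [
            "push rbp", "mov rbp, rsp", "mov eax, edi", "xor eax, 0xFFFFFFFF",
            "mov ecx, 8", "shr eax, 1", "xor eax, 0xEDB88320", "dec ecx",
            "jnz 0x401010", "pop rbp", "ret",
        ],
        "crc_finish": ["mov eax, edi", "not eax", "bswap eax", "ret"],
    },
    "libjson": {
        "json_skip_ws": [
            "movzx eax, byte ptr [rdi]", "cmp al, 0x20", "je 0x402000",
            "cmp al, 0x9", "je 0x402000", "cmp al, 0xa", "jne 0x402010",
            "inc rdi", "jmp 0x402000", "ret",
        ],
    },
    "libxml": {
        "xml_hash": [
            "xor eax, eax", "movzx ecx, byte ptr [rdi]", "test cl, cl",
            "jz 0x403020", "imul eax, eax, 0x1f", "add eax, ecx", "inc rdi",
            "jmp 0x403004", "ret",
        ],
    },
}

# Constructed "stripped binary": no symbols, functions named by address.
TARGET_BINARY = {
    # crc_update rebuilt with another register and an extra stack adjustment
    "fn_4010a0": [
        "push rbp", "mov rbp, rsp", "sub rsp, 0x10", "mov eax, edi",
        "xor eax, 0xFFFFFFFF", "mov edx, 8", "shr eax, 1",
        "xor eax, 0xEDB88320", "dec edx", "jnz 0x4010b8", "pop rbp", "ret",
    ],
    # json_skip_ws with different register allocation and addresses
    "fn_4011b0": [
        "movzx ebx, byte ptr [rsi]", "cmp bl, 0x20", "je 0x4011d0",
        "cmp bl, 0x9", "je 0x4011d0", "cmp bl, 0xa", "jne 0x4011e0",
        "inc rsi", "jmp 0x4011d0", "ret",
    ],
    # application code that matches nothing in the corpus
    "fn_4012c0": [
        "mov rax, [rdi+0x8]", "test rax, rax", "jz 0x4012e0", "mov rdi, rax",
        "call 0x401500", "xor eax, eax", "ret",
    ],
}


def identify_components(target_funcs, library_db, threshold=0.5):
    """Return {lib: {"functions": {lib_fn: (target_fn, score)}, "coverage": f}}
    for every library with at least one function matched above threshold."""
    lib_sigs = {lib: {fn: shingles(code) for fn, code in funcs.items()}
                for lib, funcs in library_db.items()}
    hits = defaultdict(dict)
    for tname, tcode in target_funcs.items():
        ts = shingles(tcode)
        best_score, best_lib, best_fn = 0.0, None, None
        for lib, sigs in lib_sigs.items():
            for fn, fs in sigs.items():
                s = jaccard(ts, fs)
                if s > best_score:
                    best_score, best_lib, best_fn = s, lib, fn
        if best_lib is not None and best_score >= threshold:
            prev = hits[best_lib].get(best_fn)
            if prev is None or best_score > prev[1]:
                hits[best_lib][best_fn] = (tname, round(best_score, 3))
    return {lib: {"functions": dict(m),
                  "coverage": round(len(m) / len(library_db[lib]), 3)}
            for lib, m in hits.items()}


def to_bom(components):
    """Flatten matches into a simple (non-standard) BOM record list."""
    return [{"name": lib, "confidence": info["coverage"],
             "evidence": sorted(info["functions"])}
            for lib, info in sorted(components.items())]


if __name__ == "__main__":
    for rec in to_bom(identify_components(TARGET_BINARY, LIBRARY_DB)):
        print(rec)
```

Running it reports libcrc (one of two functions matched, crc_update at 0.583 despite the inserted `sub rsp, 0x10`) and libjson (json_skip_ws at 1.0 after register renaming), while libxml is absent and the application function matches nothing. Two practical points the toy makes visible: a single inserted instruction removes three 3-grams, so short functions like `crc_finish` are weak signatures and real systems weight longer or rarer functions more heavily; and the threshold trades recall for false positives, which is why Discover's learned similarity, rather than a fixed Jaccard cut-off, matters for production use.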