News

GrammaTech Awarded Navy and NSTXL Agreement to Create a Firmware Bill of Materials Extractor

Posted on

by

ITHACA, N.Y., October 10, 2024 GrammaTech, Inc., a leading provider of cybersecurity services and tools that improve and accelerate software development, has been awarded an Other Transactions Agreement from The Office of the Undersecretary of Defense for Research & Engineering’s Trusted & Assured Microelectronics Program to create a prototype Firmware Bill of Materials Extractor (FBME). FBME was awarded through the Naval Surface Warfare Center (NSWC) Crane Division’s Strategic and Spectrum Missions Advanced Resilient Systems (S2MARTS) Other Transaction Authority (OTA) and will be managed by National Security Technology Accelerator (NSTXL).

Under this Other Transactions Agreement GrammaTech will create FABLE, the Firmware Automatic BOM Labeling Engine, a tool to automatically extract bills of materials (BOM) from firmware. The goal of this work is to aid in understanding complex firmware and, ultimately, in providing assurance assessments for Commercial Off the Shelf (COTS) systems.

COTS systems are widely used in diverse applications across the Department of Defense (DoD), but little information is typically disclosed about the firmware in these systems. Manually extracting firmware from COTS systems to assess potential vulnerabilities and risks is a slow and costly process that requires skilled experts. Through automation, GrammaTech intends to scale this important security measure to meet the growing assurance requirements of a wide range of DoD programs that need to address these risks.

Ray DeMeo, Chief Growth Officer at GrammaTech, said: “It’s important that components used in critical systems on the edge are secure and of known provenance. Nowhere is this more important than in firmware, which controls the hardware and can contain vulnerabilities that might put the system or other connected systems at risk. We’re excited to take on this difficult task and our expertise in firmware unpacking, binary segmentation and software automation make us more than ready for the challenge.”

About GrammaTech:
GrammaTech is a provider of advanced cybersecurity services and leading developer of software-assurance solutions. Originating from the computer science department at Cornell University, the company has a thirty-five-year history of delivering cutting-edge cyber capability in support of government, intelligence and mission-critical infrastructure. GrammaTech technology is used by software developers and system defenders alike, everywhere reliability and security are paramount. It covers threat detection and mitigation, malware analysis, machine learning and automation, migration to memory safe languages, attack surface area reduction, and software supply chain integrity.

Related Posts

Check out all of GrammaTech’s resources and stay informed.

view all posts

Contact Us

Get a personally guided tour of our solution offerings. 

Contact US