BlackBerry® Jarvis® 2.0

BlackBerry® Jarvis® 2.0 is a software composition analysis
and static application security testing solution that is
designed to analyze binaries within complex embedded
systems. It lets you identify security vulnerabilities in
products that have software from multiple sources, without
the need for source code. It’s a powerful tool that gives
you insights into your binaries and helps you catch
potential security issues with a click.

Uncover Software Vulnerabilities Across Your Complex Supply Chain

It’s challenging to understand the software composition and
vulnerability exposure of embedded systems—especially in
industries such as automotive, medical equipment, and
aerospace and defense, where you need to navigate complex
supply chains and stringent regulatory requirements.

BlackBerry Jarvis scans binary images or files you
upload and generates reports that include graphical
views of third-party files, third-party licenses and
groupings of detected vulnerabilities by severity.

Reveal What's Hidden In Your Binaries

Do you know what software is running on your embedded
systems? A software bill of materials (SBOM) can help you
identify critical information about software components,
allowing you to detect potential issues with implications
for intellectual property disputes, security risks or
overall quality. BlackBerry Jarvis 2.0 provides a view
of your product’s SBOM without depending on what your
suppliers provide. It provides you with vendor and
product details for each file via an interactive chart.

Identify Security Vulnerabilities

Security vulnerabilities are software defects that hackers
can exploit to attack a system. Companies with sound
security practices are vigilant in tracking, managing and
remediating vulnerabilities. However, if you are integrating
software of unknown provenance (SOUP) and have no access
to source code, you may be unknowingly including
security vulnerabilities in your product. BlackBerry
Jarvis is unique in its ability to help you accurately
identify vulnerabilities in these scenarios. Designed
for embedded applications, it supports an extensive list
of file formats and hardware architectures used in
embedded devices.

To accurately uncover vulnerabilities in open source
components, you need to identify both the component and
its version accurately. Without identifying the version,
it is easy to miss a vulnerability or produce false
positive results. This type of inaccuracy can be costly
to you and your suppliers. BlackBerry Jarvis 2.0 excels
in accurately detecting vulnerabilities thanks to its
strong ability to accurately identify OSS versions.

Beyond identifying Common Vulnerabilities and Exposures
(CVEs) in open-source components, BlackBerry Jarvis 2.0
can uncover a rich set of security data to help security
professionals gain an in-depth view of the software’s
security posture and find ways to harden it. The tool
discovers, collects, analyzes and presents this data
with a series of interactive dashboards, each rendering
a specific security perspective, such as compiler
defense, information leakage and insecure API, to name a
few examples. To push even further, BlackBerry Jarvis
2.0 combines all this security intelligence and produces
a list of Cautions that highlights the security gaps in
the binaries and the remediation actions that can
be taken – all without requiring access to source code.

Simplify Regulatory Compliance

Security standards such as ISO 21434, and regulations like
the ones mandated in the US Executive Order 14028 and
WP.29, ensure that vendors, suppliers and technology
solution providers are accountable for managing their
products’ cybersecurity. BlackBerry Jarvis 2.0 can help you
meet regulatory compliance by providing you with insights on
the software composition of your products, including open
source software license management, and by automatically
scanning your binary image to efficiently produce an
SBOM. In fact, BlackBerry Jarvis 2.0 enables you to
generate a comprehensive SBOM in the Software Package
Data Exchange (SPDX) report standard, one of the
leading standards to support Executive Order 14028. This
ability to efficiently produce a standards-compliant
SBOM is critical for the cybersecurity management
required by emerging regulations.

Product Features

BlackBerry Jarvis helps you better understand the quality and
composition of your software, enabling you to catalogue your software components and monitor
your risk profile.

- Intuitive Dashboards: Quickly identify areas of risk with CVSS scoring, allowing
  organizations to prioritize corrective actions.
- Open-Source Software (OSS) Detection: Determine the open-source software Bill of Materials (BOM) to
  assess associated risk and compliance.
- Common Vulnerabilities and Exposures: Quickly identify areas of risk with CVSS scoring, allowing
  organizations to prioritize corrective actions.
- Software Bill of Materials (SBOM): Uncover potential risks hidden in the binary package of your
  complex product. The SBOM lets you get an accurate view of your product's SBOM without
|
|
|
|
|
|
|
Technical Specifications
|
|
|
|
|
|
BlackBerry Jarvis was designed for embedded software and covers a wide
range of software, formats, operating systems, and hardware that can be combined to create
binary packages.

Archive Formats

- Various forms of compressed formats including ZIP, GZIP, TAR, RAR, AR
- Virtual machine binary formats including VMDK, QCOW2 and DOS partitions
- Linux/Unix package file formats including RPM, DEB, JAR and APK
- Android package formats including Android Sparse Image, Boot Image and SDAT
- Archives for various file systems including FAT, EXT4, QNXFS, JFFS2, SQUASHFS and CDROM

Hardware Architectures

- ARM: vs, v6, v7, v8-A32 and 64 bits
- Intel x86 32 and 64 bits
- Power 32 bit, VLE
- Infineon TriCore
- Renesas V850, RH850, RL78
- MIPS 32 bit
- SPARC 32 bit
- AVR32

OS Platforms
Programming Languages

- Linux: ELF and SO
- Android: ELF, SO, APK
- QNX6 and 7: ELF and SO
- VxWorks 5 and 6
- Classic AutoSAR
- Dalvik: ART
- Oracle Java: JAR, CLASS
- Media: EXIF data, such as geo-tagging