BlackBerry Jarvis
Key Features
Static Analysis Engine
- Detects vulnerabilities (uncontrolled format string, integer overflow, SQL injection, etc.).
- Generates Call-Flow and Data-Flow graphs for binary and source code.

DevSecOps Integration
- CLI plugin for Jenkins, GitLab CI to automate security scans on each build.
- Provides JSON/XML reports for dashboard integration.

Regulatory Compliance
- Checks against CERT C/C++ Coding Standards, MISRA, AUTOSAR C++14, CWE.

Third-Party Library Assurance
- Scans precompiled third-party binaries for known vulnerabilities (CVE matching).

Why Jarvis? (Use Cases)
Early Security Gates
Automatically catch buffer overflows or missing bounds checks on firmware and device binaries before QA.

Safety-Critical Certification
Generate evidence for ISO 26262, IEC 62304, or FDA audits by proving your code adheres to CERT, MISRA, and AUTOSAR guidelines.

Third-Party Risk Mitigation
Scan imported libraries (e.g. RTOS ports, middleware) to ensure they don’t introduce CVE-level vulnerabilities.

Embedded DevSecOps
Embed Jarvis into nightly builds so every new commit is automatically static-analyzed; security is no longer “last minute.”