BlackBerry® Jarvis® 2.0
 

BlackBerry® Jarvis® 2.0 is a software composition analysis and static application security testing solution designed to analyze binaries within complex embedded systems. It lets you identify security vulnerabilities in products that have software from multiple sources, without the need for source code. It’s a powerful tool that gives you insight into your binaries and helps you catch potential security issues with a click.

 
Uncover Software Vulnerabilities Across Your Complex Supply Chain
 

It’s challenging to understand software composition and vulnerability exposure of embedded systems—especially in industries such as automotive, medical equipment, and aerospace and defense, where you need to navigate complex supply chains and stringent regulatory requirements.

BlackBerry Jarvis scans binary images or files you upload and generates reports that include graphical views of third-party files, third-party licenses and groupings of detected vulnerabilities by severity.

 
     
Reveal What's Hidden In Your Binaries
 

Do you know what software is running on your embedded systems? A software bill of materials (SBOM) can help you identify critical information about software components, allowing you to detect potential issues with implications for intellectual property disputes, security risks or overall quality. BlackBerry Jarvis 2.0 provides a view of your product’s SBOM without depending on what your suppliers provide. It provides you with vendor and product details for each file via an interactive chart.

[Image: CVSS V3.1 Severity]
 
Identify Security Vulnerabilities
 

Security vulnerabilities are software defects that hackers can exploit to attack a system. Companies with sound security practices are vigilant in tracking, managing and remediating vulnerabilities. However, if you are integrating software of unknown provenance (SOUP) and have no access to source code, you may be unknowingly including security vulnerabilities in your product. BlackBerry Jarvis is unique in its ability to help you accurately identify vulnerabilities in these scenarios. Designed for embedded applications, it supports an extensive list of file formats and hardware architectures used in embedded devices.

To uncover vulnerabilities in open source components, you need to identify both the component and its version accurately. Without identifying the version, it is easy to miss a vulnerability or produce false positive results. This type of inaccuracy can be costly to you and your suppliers. BlackBerry Jarvis 2.0 excels at detecting vulnerabilities thanks to its strong ability to accurately identify OSS versions.

Beyond identifying Common Vulnerabilities and Exposures (CVEs) in open-source components, BlackBerry Jarvis 2.0 can uncover a rich set of security data to help security professionals gain an in-depth view of the software’s security posture and find ways to harden it. The tool discovers, collects, analyzes and presents this data in a series of interactive dashboards, each rendering a specific security perspective, such as compiler defense, information leakage and insecure API, to name a few examples. To push even further, BlackBerry Jarvis 2.0 combines all this security intelligence and produces a list of Cautions that highlights the security gaps in the binaries and the remediation actions that can be taken, all without requiring access to source code.

Simplify Regulatory Compliance
 

Security standards, such as ISO 21434 and regulations like the ones mandated in the US Executive Order 14028 and WP.29, ensure that vendors, suppliers and technology solution providers are accountable for managing their products’ cybersecurity. BlackBerry Jarvis 2.0 can help you meet regulatory compliance by providing you with insights on the software composition of your products, including open source software license management, automatically scanning your binary image to efficiently produce an SBOM. In fact, BlackBerry Jarvis 2.0 enables you to generate a comprehensive SBOM in the Software Package Data Exchange (SPDX) report standard, one of the leading standards to support Executive Order 14028. This ability to efficiently produce a standards-compliant SBOM is critical for the cybersecurity management required by emerging regulations.

Product Features
  BlackBerry Jarvis helps you better understand the quality and composition of your software, enabling you to catalogue your software components and monitor your risk profile.
     
 
Intuitive Dashboards
Quickly identify areas of risk with CVSS scoring, allowing organizations to prioritize corrective actions.

Open-Source Software (OSS) Detection
Determine the open-source software Bill of Materials (BOM) to assess associated risk and compliance.

Common Vulnerabilities and Exposures
Quickly identify areas of risk with CVSS scoring, allowing organizations to prioritize corrective actions.

Software Bill of Materials (SBOM)
Uncover potential risks hidden in the binary package of your complex product. The SBOM lets you get an accurate view of your product's SBOM without having to rely on material provided by suppliers.
 
     
Technical Specifications
     
  BlackBerry Jarvis was designed for embedded software and covers a wide range of software, formats, operating systems, and hardware that can be combined to create binary packages.  
     
 
Archive Formats
  • Various forms of compressed formats including ZIP, GZIP, TAR, RAR, AR
  • Virtual machine binary formats including VMDK, QCOW2 and DOS partitions
  • Linux/Unix package file formats including RPM, DEB, JAR and APK
  • Android package formats including Android Sparse Image, Boot Image and SDAT
  • Archives for various file systems including FAT, EXT4, QNXFS, JFFS2, SQUASHFS and CDROM

Hardware Architectures
  • ARM: v5, v6, v7, v8-A 32 and 64 bits
  • Intel x86 32 and 64 bits
  • Power 32 bit, VLE
  • Infineon TriCore
  • Renesas V850, RH850, RL78
  • MIPS 32 bit
  • SPARC 32 bit
  • AVR32
   
OS Platforms
  • Linux: ELF and SO
  • Android: ELF, SO, APK
  • QNX 6 and 7: ELF and SO
  • VxWorks 5 and 6
  • Classic AUTOSAR
  • Dalvik: ART
  • Oracle Java: JAR, CLASS
  • Media: EXIF data, such as geo-tagging

Programming Languages
  • C
  • C++
  • Java
  • Assembly
     
 
 