Finite State Adds Binary Analysis to Catch Zero-Days

Finite State this week has added a binary analysis capability that enables device manufacturers to more easily identify zero-day vulnerabilities in software. Jeff Martin, vice president of product for Finite State, said this latest addition to the company's risk analysis platform can quickly assess third-party components for zero-day vulnerabilities and other known common vulnerabilities and exposures (CVEs). The Finite State risk analysis platform is primarily used by device manufacturers that typically employ on-board support packages (BSPs) and software development kits (SDKs) from third-party vendors and developers. The challenge they face is those BSPs and SDKs are essentially a black box that device manufacturers can't see inside, added Martin. In the absence of that visibility, Martin said device manufactures have no idea whether or not their software supply chains have been compromised by a zero-day vulnerability.