RunSafe Security, a pioneer of cyberhardening technology for embedded systems across critical infrastructure, announced the launch of its newest innovation, the RunSafe Risk Reduction Analysis, which analyzes total exposure to Common Vulnerabilities and Exposures (CVEs) and memory-based zero days in software. Designed for cybersecurity professionals and embedded systems developers, the solution provides much-needed insight into system vulnerabilities as well as data on how runtime mitigations can drastically reduce software exposure.
Critically, the RunSafe Risk Reduction Analysis, part of the company's Identify solution, focuses on identification and mitigation of memory-based vulnerabilities, which are one of the most exploited classes of security flaws in modern embedded systems. Memory safety flaws leave software susceptible to attacks such as arbitrary code execution, privilege escalation, denial-of-service (DoS), and data theft. The Risk Reduction Analysis reveals total exposure to these critical flaws while measuring the risk reduction achieved when applying advanced runtime protections.
"Memory safety issues continue to account for nearly 70% of vulnerabilities in embedded systems," said Joseph M. Saunders, Founder and CEO of RunSafe Security. "With the Risk Reduction Analysis, we're giving organizations the tools and insights to eliminate an entire class of vulnerabilities, significantly improving their resilience against remote code execution attacks and other exploits."
The Risk Reduction Analysis works by analyzing a software binary or an SBOM to calculate the risk to embedded systems. The tool's ability to quantify memory-based zero days is developed out of novel research from Linköping University and calculates the number of binary attack vectors, or return-oriented programming (ROP) chains, within software. In an example analysis, the tool revealed that software was exposed to 1.6 million potential ROP gadgets, but with runtime protections applied, there was a risk reduction of >98.28%.
As part of the launch, organizations will be able to access a live walkthrough of the Risk Reduction Analysis with sample data found here: https://app.runsafesecurity.com/sample-risk-reduction
For more information about RunSafe's approach to protecting embedded software systems and shielding against memory-based exploits and advanced cyber threats, please visit https://runsafesecurity.com.
RunSafe Security immunizes software from cyberattacks without developer friction, disrupting hacker economics. Our security techniques inoculate customer systems from an entire class of cyberattacks. Our customers integrate our product across build toolchains without developer friction, protecting open-source software and proprietary native code without changing system behavior nor affecting system overhead. Headquartered in McLean, Virginia, with offices in Huntsville, Alabama and Munich, Germany, RunSafe Security's customers span the aerospace & defense, energy & industrial automation, transportation & autonomy, medical devices, and high-tech verticals. Learn more at: https://runsafesecurity.com/.
