BlackBerry today announced the release of BlackBerry® Jarvis 2.0®, the latest edition of the company’s flagship software composition analysis tool.
BlackBerry Jarvis 2.0 introduces a Software-as-a-Service (SaaS) version of the original Jarvis capabilities that provide developers and integrators a more user-friendly, focused feature set around the three most important areas that those building mission-critical applications need to validate to ensure the quality of their multi-tiered software supply chain: Open-Source Software (OSS), Common Vulnerabilities and Exposures (CVE) and Software Bill of Materials (SBOM) management. The online end user dashboard of the tool has also been enhanced with specific cautions and advisory flags, empowering teams to keep software secure from all known issues based on the actionable intelligence BlackBerry Jarvis 2.0 provides.
Designed to address the increasing complexity and growing cybersecurity threats among multi-tiered software supply chains within the medical, automotive, and aerospace industries, BlackBerry Jarvis 2.0 empowers OEMs to inspect the provenance of their code and every single software asset that comes into their overall supply chains, to ensure their products are both secure and updated with the most recent security patches.
Building software for a modern automobile is far easier said than done, with more than 150,000 publicly disclosed vulnerabilities as of mid-July 2021. A complex piece of software for a vehicle infotainment system may contain hundreds of third-party software modules. Failure to check and update each piece of software provides openings for attackers to potentially exploit those vulnerabilities.
BlackBerry Jarvis 2.0 addresses the need to identify and remediate vulnerabilities by identifying them, then providing deep actionable insights in minutes – something that would otherwise involve manually scanning, which would take large numbers of experts and an impractical amount of time.
“A number of cybersecurity regulatory changes and standards such as UNECE WP.29 and SBOM are on the horizon, which will empower authorities to levy fines against non-compliance or shut down operations completely," said Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions. "So the time for OEMs to get a handle on their entire code base is now. Don’t sit idly by and wait for a bad actor to exploit a vulnerability that could have far-reaching consequences. With the release of BlackBerry Jarvis 2.0, embedded software developers and integrators have an intuitive and reliable software composition analysis tool to help them meet their cybersecurity goals with efficiency and confidence.”
"As software supply chains get increasingly complex and cyberattacks become more sophisticated, securing embedded devices at the firmware layer is becoming an integral part of device security management. With Jarvis 2.0, BlackBerry has translated years of knowledge and experience in embedded device security into an impressive, feature rich product for software binary analysis." — Hiten Shah, Senior Analyst, TechVision, Frost & Sullivan.