BlackBerry® Jarvis® 2.0

BlackBerry® Jarvis® 2.0 is a software composition analysis and static application security testing solution designed to analyze binaries within complex embedded systems. It lets you identify security vulnerabilities in products that contain software from multiple sources, without the need for source code. It is a powerful tool that provides insight into your binaries and helps you catch potential security issues with a click.

Do you know what software is running on your embedded systems? A software bill of materials (SBOM) can help you identify critical information about software components, allowing you to detect potential issues with implications for intellectual property disputes, security risks or overall quality. BlackBerry Jarvis 2.0 provides a view of your product’s SBOM without depending on what your suppliers provide. It provides you with vendor and product details for each file via an interactive chart.

Identify Security Vulnerabilities

Security vulnerabilities are software defects that attackers can exploit to compromise a system. Companies with sound security practices are vigilant in tracking, managing and remediating vulnerabilities. However, if you are integrating software of unknown provenance (SOUP) and have no access to source code, you may be unknowingly including security vulnerabilities in your product. BlackBerry Jarvis is unique in its ability to help you accurately identify vulnerabilities in these scenarios. Designed for embedded applications, it supports an extensive list of file formats and hardware architectures used in embedded devices.

To accurately uncover vulnerabilities in open-source components, you need to identify both the component and its version accurately. Without identifying the version, it is easy to miss a vulnerability or produce false positive results. This type of inaccuracy can be costly to you and your suppliers. BlackBerry Jarvis 2.0 excels at detecting vulnerabilities thanks to its strong ability to accurately identify OSS versions. Beyond identifying Common Vulnerabilities and Exposures (CVEs) in open-source components, BlackBerry Jarvis 2.0 can uncover a rich set of security data to help security professionals gain an in-depth view of the software’s security posture and find ways to harden it. The tool discovers, collects, analyzes and presents this data in a series of interactive dashboards, each rendering a specific security perspective, such as compiler defenses, information leakage and insecure API usage, to name a few examples. Going further, BlackBerry Jarvis 2.0 combines all of this security intelligence into a list of Cautions that highlights the security gaps in the binaries and the remediation actions that can be taken, all without requiring access to source code.
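To make the version point concrete, the following added example (not Jarvis code) matches detected components against a constructed list of placeholder advisories: with a known version it reports only advisories whose affected range contains that version, without a version it has to report every advisory for the product, and a naive string comparison of version numbers yields a false positive that numeric comparison avoids.

```python
"""Version-aware CVE matching: an added example, not Jarvis code.
The advisories and component versions below are constructed sample data;
the CVE ids are placeholders, not real advisories."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve_id: str       # constructed placeholder id
    product: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive)


def parse_version(v):
    # "1.2.10" -> (1, 2, 10): compare numerically, component by component.
    # Pre-release suffixes such as "-rc1" are out of scope for this example.
    return tuple(int(part) for part in v.split("."))


def is_affected(adv, version):
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


def lexical_affected(adv, version):
    # The naive approach: plain string comparison. "1.2.10" sorts before
    # "1.2.4" lexically, so this misclassifies versions with two-digit parts.
    return adv.introduced <= version < adv.fixed


def match_cves(advisories, product, version=None):
    """Return the ids of advisories that apply to (product, version).
    With version=None the matcher cannot narrow the result, so every
    advisory for the product is reported: the false-positive case."""
    hits = []
    for adv in advisories:
        if adv.product != product:
            continue
        if version is None or is_affected(adv, version):
            hits.append(adv.cve_id)
    return hits


# Constructed sample advisories (placeholder ids, not real CVEs).
ADVISORIES = [
    Advisory("CVE-0000-0001", "libexample", "1.0.0", "1.2.4"),
    Advisory("CVE-0000-0002", "libexample", "1.2.0", "1.2.10"),
    Advisory("CVE-0000-0003", "libexample", "1.3.0", "1.3.2"),
]
```

With the version known, `match_cves(ADVISORIES, "libexample", "1.2.9")` reports only the second advisory; called without a version it has to report all three.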

Simplify Regulatory Compliance

Security standards, such as ISO 21434 and regulations like the ones mandated in the US Executive Order 14028 and WP.29, ensure that vendors, suppliers and technology solution providers are accountable for managing their products’ cybersecurity. BlackBerry Jarvis 2.0 can help you meet regulatory compliance by providing you with insights on the software composition of your products, including open source software license management, automatically scanning your binary image to efficiently produce an SBOM. In fact, BlackBerry Jarvis 2.0 enables you to generate a comprehensive SBOM in the Software Package Data Exchange® (SPDX®) report standard, one of the leading standards to support Executive Order 14028. This ability to efficiently produce a standards-compliant SBOM is critical for the cybersecurity management required by emerging regulations.

Product Features

BlackBerry Jarvis helps you better understand the quality and composition of your software, enabling you to catalogue your software components and monitor your risk profile.

Intuitive Dashboards

  • Quickly identify areas of risk with CVSS scoring, allowing organizations to prioritize corrective actions

Open-Source Software (OSS) Detection

  • Determine the open-source software Bill of Materials (BOM) to assess associated risk and compliance

Common Vulnerabilities and Exposures (CVE)

  • Quickly identify areas of risk with CVSS scoring, allowing organizations to prioritize corrective actions

Software Bill of Materials (SBOM)

  • Uncover potential risks hidden in the binary package of your complex product. Get an accurate view of your product's SBOM without having to rely on material provided by suppliers

Technical Specifications

BlackBerry Jarvis was designed for embedded software and covers a wide range of software, formats, operating systems, and hardware that can be combined to create binary packages.

Archive Formats

  • Various compressed formats including ZIP, GZIP, TAR, RAR and AR
  • Virtual machine binary formats including VMDK, QCOW2 and DOS partitions
  • Linux/Unix package file formats including RPM, DEB, JAR and APK
  • Android package formats including Android Sparse Image, Boot Image and SDAT
  • Archives for various file systems including FAT, EXT4, QNXFS, JFFS2, SQUASHFS and CDROM

Hardware Architectures

  • ARM: v5, v6, v7, v8-A 32-bit and 64-bit
  • Intel x86 32-bit and 64-bit
  • Power 32-bit, VLE
  • Infineon TriCore
  • Renesas V850, RH850, RL78
  • MIPS 32-bit
  • SPARC 32-bit
  • AVR32

OS Platforms

  • Linux: ELF and SO
  • Android: ELF, SO, APK
  • QNX 6 and 7: ELF and SO
  • VxWorks 5 and 6
  • Classic AUTOSAR
  • Dalvik: ART
  • Oracle Java: JAR, CLASS
  • Media: EXIF data, such as geo-tagging

Programming Languages

  • C
  • C++
  • Java
  • Assembly