

The annual RSA Conference in San Francisco draws thousands of cybersecurity experts from around the world, along with numerous corporate exhibitors that use the opportunity to spotlight their newest products. This year’s event, which kicked off on Wednesday, saw the National Security Agency join the chorus by open-sourcing an internal software analysis tool called Ghidra.
Ghidra provides a workbench for reverse engineering programs to expose their source code. Specifically, the system is geared toward security researchers whose work consists of analyzing newly discovered malware strains to understand how they propagate and who created them.
Ghidra boasts an expansive feature set. The system, which is made up of no fewer than 1.2 million lines of code, can run on Windows, Linux and macOS with support for more than a dozen processor architectures. This broad hardware compatibility enables researchers to analyze many different kinds of malware, including payloads targeted at specialized systems such as mainframes.
Another standout capability is Ghidra’s focus on collaboration. The system enables several researchers to work on a program at once, as well as share the results of their reverse-engineering efforts with one another directly through the native interface.
Particularly savvy security teams can customize Ghidra using plugins to adapt it to their specific workflows. The system provides a mechanism for creating extensions that, among other things, makes it possible to add compatibility with additional processor architectures beyond the ones supported out of the box.
Ghidra could emerge as a serious contender to the commercial reverse-engineering tools that currently dominate the market. The most popular product, an application called IDA Pro, costs thousands of dollars per license and doesn’t support as many processor types.
Ghidra is the latest in a series of internal technologies that the NSA has released as part of a long-running initiative known as the Technology Transfer Program. The agency’s previous open-source contributions include SELinux, a widely used Linux module that adds access control features to the operating system.