Software supply chain security startup ReversingLabs Inc. today announced the release of Spectra Assure, a new supply chain security solution powered by artificial intelligence-driven complex binary analysis to uncover material risk.

Complex binary analysis is a cybersecurity technique used to scrutinize compiled, executable software versions to detect malware, vulnerabilities and unauthorized modifications without needing access to the source code. The technology leverages algorithms to deconstruct and analyze binary code to provide a deep understanding of software behavior and security risks at the machine level.

Using AI and complex binary analysis, Spectra Assure is claimed to provide unparalleled protection against software supply chain attacks for software producers and the necessary critical risk analysis for enterprise software buyers.

ReversingLabs argues that traditional application security testing solutions such as static application security testing, software composition analysis and dynamic application security testing are limited. They may only focus on open-source software, are not designed to identify malware or malicious components, and cannot analyze the entire software package.

In contrast, the company says, Spectra Assure provides a comprehensive build exam that accurately identifies malware and tampering before release or deployment. The new service analyzes the entire software package, including first-, second- and third-party components for threat detection and can handle large and complex software packages, deconstructing and reporting on issues in as little as minutes or hours.

In addition to AI-driven complex binary analysis and threat detection, Spectra Assure features include tampering identification to spot unauthorized changes and software integrity validation to ensure the software remains uncompromised. A secrets detection feature uncovers hidden sensitive information, vulnerability prioritization addresses critical security flaws first and a comprehensive software bill of materials offers a detailed inventory of all software components.

“Spectra Assure enables software producers and their enterprise buyers to identify compliance issues, exposures and threats like malware, tampering, vulnerabilities, mitigation guidance, exposed secrets, and license issues – all without the need for source code,” said Tomislav Peričin, co-founder and chief software architect and co-founder of ReversingLabs. “Our Complex Binary Analysis delivers a comprehensive Risk Assessment report that lets you identify, assess and resolve critical issues, delivering the trust and assurance you need before you ship or deploy your software.”

ReversingLabs is a venture capital-backed company, having raised $81 million, according to Tracxn, including a round of $25 million in 2017. Investors include Crosspoint Capital Partners LP, Prelude Fund Services LLC, Forgepoint Capital Management LLC and JPMorgan Chase & Co.

Photo: ReversingLabs