Improving the Resilience of Your SBOM Against Modern Security Threats

✍️ Anonymous
📅 06 Apr, 2025

RunSafe Security, a leader in immunizing software from cyberattacks through a patented, frictionless process, has officially announced the release of the RunSafe Security Platform, which automates risk identification, exploit prevention, and runtime software monitoring. The platform will reportedly enable developers to generate a high-fidelity software bill of materials (SBOM) at build time, for the highest level of accuracy in identifying software components and their associated vulnerabilities. It is expected to provide authoritative, build-time C/C++ SBOM generation for embedded systems and, at the same time, to improve a system's resilience by automating the correction of memory safety flaws in compiled code.
To understand the significance of this development, consider that with regulations like the Cyber Resilience Act and the FD&C Act in place, building and including SBOMs is quickly becoming a crucial requirement for all businesses. These requirements were largely developed in response to concerns about the security of the software supply chain, which creates a pressing need for SBOMs that identify risks and stay ahead of potential threats.
In response, the RunSafe Security Platform leverages 400-plus vulnerability data sources to deliver comprehensive cybersecurity solutions for embedded systems deployed across critical infrastructure. By generating an SBOM with complete visibility into software components, the platform reveals software dependencies, identifies vulnerabilities, and quantifies risks. In short, it provides the insights needed to find vulnerabilities and improve security. Complementing this are automated tools that help extend these benefits throughout the development lifecycle.
“RunSafe’s platform is timely given the new EU Cyber Resilience Act’s product liability,” said Joao Carreira, CEO of Critical Software. Using automated tools, "organizations can not only generate a complete SBOM, but they can also immediately mitigate vulnerabilities and future-proof against zero days," allowing developers to concentrate on developing new features.
Turning to the specifics of the solution, RunSafe Identify lets users create SBOMs for embedded systems during the software build. It also lets them identify software vulnerabilities and quantify the risk reduction technologies available for those vulnerabilities.
By providing insight into software components, vulnerabilities, and effective mitigation strategies, RunSafe helps organizations enhance their software’s resilience against evolving cyber threats.
Next, RunSafe Protect is designed to mitigate cyber exploits. It does this by relocating software functions in memory every time the software is run. The resulting unique memory layout is intended to prevent attackers from exploiting memory-based vulnerabilities. This approach maintains system performance and functionality without modifying the original software. RunSafe also provides a repository of pre-hardened open-source packages and containers, offering immediate protection against open-source software attacks.
RunSafe Monitor, in turn, provides real-time crash data and heuristics to determine whether a crash was the result of a cyberattack or a software bug. This capability makes precise triage easier and saves the time and effort otherwise spent on false positives. RunSafe's passive monitoring also records software crashes and gathers information on stability, dependability, and potential vulnerabilities. When a crash occurs, this data is swiftly directed to incident response teams for accurate and efficient triage, enhancing overall software security and resilience.
Shane Fry, CTO of RunSafe Security, stated, "Software is complex, frequently utilizing third-party components and open-source code, which leads to vulnerabilities that can compromise an entire system." "To remain competitive, today's organizations face the challenge of managing limited resources due to the constant requirement for software patching, reducing operational disruptions, and improving security compliance. By proactively protecting embedded software to enhance an organization's security, we are addressing these critical challenges with our new platform."
