Page 75 - Cyber Warnings
Binary analysis furthers this capability by continuing the data flow trace into binary code, where
such analysis is impossible with source-only analysis.
Tool Chain Errors and Backdoors
Binary analysis augments static source code analysis by detecting tool-chain induced errors and
vulnerabilities. Backdoors have been placed in C/C++ compilers in the past and remained virtually
undetected for years.
Binary analysis allows developers to evaluate source-based and binary analysis results together to
make sure quality and security issues are not introduced by the tool chain.
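As an added illustration (not from the original article or from GrammaTech), the C sketch below shows one well-known tool-chain induced issue: a secret wipe that is present in the source but that an optimizing compiler may drop as a dead store. The function names and the `checksum` stand-in are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for real work done with the secret. */
static unsigned checksum(const unsigned char *p, size_t n) {
    unsigned s = 0;
    for (size_t i = 0; i < n; i++) s = s * 31u + p[i];
    return s;
}

/* Before: the source wipes the key, so a source-only review passes.
 * `key` is never read after the memset, so an optimizing compiler may
 * treat the call as a dead store and emit no wipe in the binary. */
unsigned use_key_naive(const unsigned char *in, size_t n) {
    unsigned char key[32] = {0};
    memcpy(key, in, n < sizeof key ? n : sizeof key);
    unsigned r = checksum(key, sizeof key);
    memset(key, 0, sizeof key);   /* may be removed by the tool chain */
    return r;
}

/* After: stores through a volatile-qualified pointer are side effects
 * that mainstream optimizers do not eliminate, so the wipe survives. */
void secure_wipe(void *buf, size_t n) {
    volatile unsigned char *p = buf;
    while (n--) *p++ = 0;
}

unsigned use_key_hardened(const unsigned char *in, size_t n) {
    unsigned char key[32] = {0};
    memcpy(key, in, n < sizeof key ? n : sizeof key);
    unsigned r = checksum(key, sizeof key);
    secure_wipe(key, sizeof key);
    return r;
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. */
int is_zeroed(const unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) if (buf[i]) return 0;
    return 1;
}
```

Both functions return the same value for the same input, so functional tests cannot tell them apart; whether the wipe exists can only be confirmed in the compiled binary.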
Multiplatform Support
Binary analysis depends on the hardware CPU architecture, as one would guess, given the nature
of binary code. GrammaTech CodeSonar’s Binary Analysis supports both the x86 and ARM
platforms, which cover a large majority of embedded and mobile devices in the
marketplace.
Conclusion:
It’s critical that potential vulnerabilities, quality and safety defects are detected and accounted
for before code is used in a final product. Proper supply-chain risk management requires due
diligence for reusing code, whether that's in-house, free or open-source, or from commercial
vendors.
Binary analysis provides an important tool for evaluating the quality, security, and safety of code
before it becomes part of your product.
About The Author
Bill Graham is a seasoned embedded software development manager
with years of development, technical product marketing and product
management experience.
Bill can be reached online at @Bill_Graham and at
http://iot.williamgraham.ca.
75 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide