BlackBerry has launched a cloud-based static binary code scanning solution, Jarvis, designed to speed up the task of identifying vulnerabilities in automotive software. The company is now trialling the solution with several car makers.
“In our independent study, Jarvis delivered excellent efficiencies in time-to-market, significantly reducing the time to security-assess code from 30 days to seven minutes,” said Dr Ralf Speth, CEO of Jaguar Land Rover.
“Connected and autonomous vehicles require some of the most complex software ever developed, creating a significant challenge for auto makers who must ensure the code complies with industry- and manufacturer-specific standards while simultaneously battle-hardening a very large and tempting attack surface for cybercriminals,” said John Chen, executive chairman and CEO, BlackBerry.
Exacerbating the challenge for OEMs is the fact that vehicles use hundreds of software components, many of which are written by an expansive network of third-party suppliers spread across several tiers.
“Jarvis is a game-changer for OEMs because for the first time they have a complete, consistent and near-real-time view into the security posture of a vehicle’s entire code base along with the insights and deep learning needed to predict and fix vulnerabilities, ensure compliance and remain a step ahead of bad actors,” said Chen.
Offered on a pay-as-you-go basis, Jarvis is customised for each OEM and its software supply chain. Once initiated, auto makers have online access to Jarvis and can scan any number of binary files at every stage of software development. This includes the capability to evaluate new software under consideration as well as software already in production. Once scanned, development teams have immediate access to the results.