OP, a pioneer in the development of automated firmware security technologies for smart devices and industrial systems, announced the launch of an advanced version of its groundbreaking product security platform. The new platform, which has been developed for and used by the U.S. government for the past 6 years, has now been expanded to help Original Equipment Manufacturers (OEMs) and Integrators build systems that are secure-by-default and help them comprehensively manage and mitigate cyber risk of those systems throughout the entire product lifecycle.
“Historically, product security teams have only had the resources to perform limited, manual security assessments prior to a product release,” noted OP CEO Irby Thompson. “Unfortunately a system’s security posture naturally degrades over time, and thus proactive cybersecurity vigilance is required. The OP Product Security Platform now enables OEMs and Integrators to perform automated and continuous security evaluations – providing real-time vulnerability insights, secure-by-design guidance, and cyber risk mitigations.”
The platform, powered by OP’s automated program analysis engine, originally developed under DARPA, continuously analyzes device firmware and detects N-day and 0-day vulnerabilities in compiled binary code in real time (without requiring source code). The system produces a Software Bill of Materials that exposes the ground truth about the code that’s actually deployed within devices, and leverages that SBOM to detect and mitigate inherited dependency risks within the software supply chain. Identified defects and CVEs are verified to be exploitable via device emulation in order to provide informed CVSS risk scoring. This enables prioritized remediation of the highest risk vulnerabilities first.
Throughout the product design, development, and testing process, the platform provides technical implementation guidance and compliance checks that help engineering teams ensure their products are secure by default and conform to industry standards and government regulations. By scrutinizing CI/CD artifacts, identifying vulnerabilities, and automatically suggesting remediation tactics, the platform proactively and fundamentally improves code quality – accelerating market entry and ultimately reducing future risk of expensive in-field vulnerability repairs or product recalls.
Proactive security risk management continues after product release through automated “red-team” penetration testing – continuously simulating real-world cyber attacks in a digital twin environment and alerting manufacturers to any new or emerging issues. Further, it helps product teams track security evolution build by build, and enables quality improvement visualization over time in fast-paced development cycles. The platform’s interactive monitoring dashboard centralizes and synthesizes product risk data, correlating, tracking, and remediating security issues in order to streamline the Incident Response process.
“OEMs and Integrators that utilize OP technology can significantly enhance the security posture of their products,” Thompson underscored. “This protects them not only against existing but also emerging cybersecurity threats.”
OP | op4.io
Kirsten Campbell is a Marketing Tornado and junk robot of information. Analytical and creative, she has been in marketing and communications since 2008 and worked with everyone from small businesses to your favorite household names.
Ask her about the time she made a numismatics blog interesting (yes, really) or wrote an obit for a family she never met.
An ardent admirer of corporate snark played out online, Kirsten loves Reese’s peanut butter cups and still isn't over the Mars Rover.