Videos

Explore a diverse range of expertly crafted videos covering Software Supply Chain Security, SBOM, Code Protections, Vulnerability Remediation, Cybersecurity Policy, and exclusive insights into RunSafe Security. Stay informed, enhance your cybersecurity knowledge, and stay ahead in the industry with these videos.

How and Why is RunSafe Working to Achieve Safety of Flight Certification for Its Memory Protection Tools

RunSafe’s Path to Ensuring Flight Safety Certification

In today’s RunSafe Security Minute, we’re exploring how RunSafe is working to achieve safety of flight certification in aviation safety. With the expertise of AFuzion, a leader in avionics software development, we are making significant strides toward this goal. RunSafe Code is divided into two main components, each serving a different purpose. The first component functions on the ground and requires qualification rather than certification. This process is guided by DO-330, which involves tool qualification essential for certifying airborne systems. We aim to achieve Tool Qualification Level 1, the highest level, allowing our Code to be used in the development of critical flight software. The second component operates during flight and must adhere to the certification guidelines outlined in DO-178. As a module, RunSafe provides all necessary documentation for DO-178 certification at Design Assurance Level A (DAL A) to the airborne system's owner. This ensures that RunSafe Code can be integrated into any system requiring a safety of flight, ensuring top-tier aviation safety.

RSSM: Describe how safety of flight certification works.

Aviation Safety: Understanding Safety of Flight Certification

The Safety of Flight Certification is the process used by aviation authorities like the Federal Aviation Administration (FAA) to ensure the safety and reliability of any airborne system operating in regulated airspace. This certification process is vital for maintaining high safety standards across the aviation industry, encompassing everything from commercial airliners to smaller private aircraft. The FAA publishes certification standards such as DO-178, which provide detailed guidance on developing products that are compatible with the safety of flight requirements. These standards are comprehensive, applying to specific system components, including hardware and software. Whether it's the aircraft's engines, avionics, or in-flight entertainment systems, every part must meet stringent safety levels corresponding to the potential risks of failure. One of the key aspects of the Safety of Flight Certification is that it needs to be integrated from the beginning of the product development process. Safety considerations must be "baked in" to the design and development stages, ensuring that all applicable standards are adhered to throughout the engineering lifecycle. This requires meticulous documentation and thorough planning for each component of the system. Verification and validation are critical components of this process. Verification ensures that the system meets all specified requirements, while validation confirms that the system performs its intended functions safely and reliably. These steps are essential for demonstrating that the system can operate safely within the highly regulated environment of modern airspace. Once the verification and validation phases are completed, aviation authorities conduct a thorough review of the product. This review determines whether the product has followed all the required standards and can be certified as safe for flight. The certification process is rigorous and detailed, reflecting the critical importance of safety in aviation. By ensuring that every airborne system meets the highest safety standards, Safety of Flight Certification plays a crucial role in maintaining the safety and reliability of air travel. From the engines to the entertainment systems, every component on an aircraft must be certified to ensure the overall safety of the flight.

Describe how Yocto users can easily generate an SBOM, identify vulnerabilities, and automate remediation.

Streamline Yocto Security with RunSafe SBOM Integration

With the increasing complexity of software development, identifying and mitigating security vulnerabilities has become a critical aspect of the development lifecycle. At RunSafe, we recognize the challenges faced by developers and organizations in maintaining the security of their software projects, particularly in the realm of embedded systems development. Yocto, a popular framework for building embedded Linux distributions, offers powerful tools for creating customized systems. However, like any software development process, security remains a top concern. That's where our RunSafe SBOM integration comes into play. SBOM, or Software Bill of Materials, provides a comprehensive inventory of the components within a software system, enabling developers to identify and address potential security vulnerabilities effectively. Our RunSafe SBOM layer for Yocto SBOM generation simplifies this process, making it easy for developers to generate and analyze SBOMs for their Yocto projects. By integrating our SBOM layer into your Yocto workflow, you gain access to a wealth of information about the software components within your project, including any known vulnerabilities. But we don't stop there. With our web application, you can seamlessly upload your generated SBOM and gain insights into the vulnerabilities present in your software ecosystem. Our intuitive interface provides detailed information about each vulnerability, empowering you to make informed decisions about your project's security posture. What sets RunSafe apart is our commitment to providing practical solutions to security challenges. Through our special integration for Yocto users, we offer a unique layer that enables effortless mitigation of identified vulnerabilities using RunSafe's proprietary code. With this integration, you can ensure the resilience of your Yocto projects and mitigate potential security risks effectively.

Unveiling the European Union’s Cyber Resilience Act: Transforming Cybersecurity Standards

Mandating Transparency: The Role of Software Bill of Materials (SBOM) under the CRA

The European Union's Cyber Resilience Act (CRA) is reshaping cybersecurity standards across member nations. The CRA mandates manufacturers to incorporate a Software Bill of Materials (SBOM) in formats such as CycloneDX and SPDX. This SBOM serves as an inventory of software dependencies, promoting transparency and accountability. While sharing the SBOM with entities like the European Union Agency for Cybersecurity (ENISA) and market surveillance authorities is compulsory upon request, there is no obligation to make this information public. The CRA covers a broad spectrum, including operating systems, network monitoring tools, and certificate issuers. However, open-source projects developed without commercial intent are exempt from these regulations, alleviating the burden on the open-source community. The CRA serves as a model for the global standardization of secure-by-design practices, highlighting governments' commitment to cybersecurity. This legislation represents a significant step towards fortifying digital resilience in an interconnected world. Advocate for standardized cyber resilience practices worldwide and witness how the CRA demonstrates governmental commitment to cybersecurity. Stay tuned for updates on this legislation as it shapes the future of cybersecurity.

What are 3 aspects of secure-by-design you’re excited RunSafe is implementing?

Leading the Way with Secure-by-Design

Over a year ago, we started re-implementing our randomization library using Rust. Even though it wasn’t an immediate attack vector, we prioritized security and pushed forward with the rewrite. This crucial update will be featured in our upcoming 5.x release of RunSafe Code, enhancing our software's robustness and security. Transparency is key to secure-by-design, which is why we’re making software build materials (SBOMs) public for all our offerings. This allows our customers to inspect and report any vulnerabilities they find, helping them stay informed and secure. By providing SBOMs, we ensure you know exactly when and why to update RunSafe Code in your systems. Furthermore, we are expanding our repository offerings to include more packages for Debian, Red Hat, and Docker environments. These new packages will also come with SBOMs, offering hardened versions of existing open-source software and detailed information for seamless deployment. These updates are just the beginning. We have many more exciting projects in the secure-by-design space that we can't wait to share with you. Stay tuned for more.

Close the NVD Data Gap with RunSafe: Stay Ahead of Vulnerabilities

Protect Your System with RunSafe Tools

Are you concerned about the security of your critical systems in the face of ever-evolving vulnerabilities? Are you worried you’ll miss a threat since the NVD is lacking key data? Look no further than RunSafe. Our cutting-edge tools, including the Attack Surface Risk Index (ASRI) and Software Bill of Materials (SBOMs), are designed to empower our customers with the best-in-class CPE data sourced from a diverse range of reliable outlets, including the esteemed National Vulnerability Database. We understand the importance of minimizing coverage gaps, which is why we leave no stone unturned in providing comprehensive protection. With RunSafe, even in scenarios where information is scarce, our innovative Code ensures that our customers remain shielded from potential threats. Gone are the days of reactive panic mode, where finding new data sources becomes a frantic scramble. Instead, RunSafe empowers users to adopt a proactive stance towards security, ensuring continuous protection against vulnerabilities. By leveraging RunSafe's advanced technology and robust data sourcing strategies, our customers can confidently navigate the ever-changing threat landscape. Our commitment to proactive security measures enables organizations to mitigate risks effectively and maintain the integrity of their systems. Don't let vulnerabilities compromise your critical system's security posture. Embrace RunSafe today and experience the peace of mind that comes with staying ahead of threats. With RunSafe, you can fortify your defenses, safeguard your assets, and uphold the resilience of your infrastructure. Take the proactive approach to security with RunSafe and protect what matters most. Join us as we navigate evolving vulnerability assessments, RunSafe’s solutions, and other cybersecurity updates as we empower viewers with the knowledge and insights needed to stay ahead of emerging threats.

Update on the National Vulnerability Database’s (NVD) Changes: Impact on Vulnerability Assessment and RunSafe

Navigating NVD's Changes: Implications for Vulnerability Assessments

In this video, we discuss the recent changes announced by the National Vulnerability Database (NVD) and their significant impact on vulnerability assessment practices. As of February 15, 2024, the NVD made a pivotal decision to curtail the publication of crucial information, signaling a shift in how individuals and businesses navigate cybersecurity vulnerabilities. Specifically, the NVD ceased the practice of matching Common Vulnerabilities and Exposures (CVEs) to Common Platform Enumerations (CPEs), causing ripples throughout the cybersecurity community. This alteration disrupts the conventional approach to safeguarding products, as it impedes the ability to swiftly identify vulnerabilities associated with specific hardware or software configurations. Previously, users could readily access information on emerging vulnerabilities and tailor their protective measures accordingly. However, with the discontinuation of CVE-to-CPE mapping, this process becomes increasingly challenging, leaving many individuals and organizations grappling with the evolving threat landscape. This update underscores the importance of having a reliable method to stay updated on current and growing threats. As threats continue to evolve and diversify, proactive measures become paramount. RunSafe aims to provide insights and updates on emerging trends, including vulnerability assessment methodologies and the latest vulnerabilities affecting digital environments. By understanding these changes and adapting strategies accordingly, individuals and businesses can enhance their resilience against cyber threats. Moreover, we explore the implications of NVD's decision on RunSafe, a critical component in fortifying software against cyber attacks. RunSafe solutions rely on accurate and timely vulnerability data to effectively mitigate risks and bolster the security posture of software systems. Thus, understanding how these changes impact RunSafe implementations is essential for ensuring robust cybersecurity measures. Join us as we navigate evolving vulnerability assessments, RunSafe’s solutions, and other cybersecurity updates as we empower viewers with the knowledge and insights needed to stay ahead of emerging threats.

Top Cybersecurity Trends for Securing Critical Infrastructure in Space

3 Core Issues Shaping Space Cybersecurity

As cybersecurity threats expand beyond our atmosphere, the need to protect important systems becomes even more critical. Space infrastructure security is more important than ever as technology advances and we rely more on satellites for communication, navigation, weather forecasting, and other essential services. The increasing connection between space technology and industries like energy, transportation, agriculture, and telecommunications makes it vital to have strong cybersecurity in space. Recent events have shown how important it is to improve security in space. The conflict in Ukraine highlighted the risk to commercial satellites from cyber threats when Russia targeted them. This event made it clear that we need better security measures to protect our space infrastructure. Understanding the three main issues in space cybersecurity today is essential.

Link Between Space Technology and Critical Industries

Satellites are crucial for modern infrastructure – global communication networks, precision agriculture, and efficient transportation systems. Protecting these assets is not just about safeguarding data, but also ensuring that vital services relying on space infrastructure continue uninterrupted.

Rise of Hybrid Military and Commercial Networks

The combination of military and commercial satellite communications brings new challenges for security. Managing access controls, encryption protocols, and threat detection becomes more complex as military and civilian operations share satellite resources. It’s important to ensure data integrity and confidentiality in these networks to maintain national security and economic stability.

Economic Shift Towards Operational Expenses

Satellite maintenance is an ongoing, necessary expense. To keep them functioning properly, there must be cost-effective cybersecurity solutions that maintain performance and reliability without compromising protections. As satellites' lifespans increase and their capabilities grow, resources must be allocated to maintain and secure these assets throughout their lifecycle. At RunSafe Security, we understand the importance of optimizing space assets for efficiency and ensuring strong cybersecurity measures are in place. Our approach focuses on software-based solutions that minimize disruption to space infrastructure's physical characteristics. By prioritizing cybersecurity without sacrificing operational efficiency, we aim to provide comprehensive protection for critical infrastructure beyond Earth's atmosphere.

Techniques to Debug Randomized Binaries with RunSafe

Streamlining Randomized Binary Debugging

Debugging randomized binaries can be a significant hurdle for developers, primarily because traditional tools like GDB lack awareness of the randomization process. This discrepancy often results in disparities between the expected symbol locations and their actual positions during runtime, making it challenging to pinpoint and resolve issues effectively. RunSafe Security offers a solution to this problem in the form of a GDB plugin. Designed to seamlessly integrate into your existing workflow, our plugin addresses the limitations of traditional debugging tools by providing enhanced support for debugging randomized binaries. Unlike other solutions that may require extensive adjustments or cause performance impacts, our plugin allows you to leverage GDB's capabilities with minimal disruption and no learning curve. One of the key features of the GDB plugin is its ability to generate randomized debug information that accurately aligns with your running application or core file. By doing so, it provides developers with a more intuitive and efficient debugging experience, enabling them to quickly identify and resolve issues within randomized binaries. With RunSafe's GDB plugin, developers gain access to a comprehensive set of tools that are designed to facilitate effective debugging under real-world production conditions. This includes overcoming the obstacles associated with mismatched debug information, resulting in streamlined debugging processes and improved productivity. By leveraging our GDB plugin, developers can overcome the challenges posed by debugging randomized binaries and ensure the reliability and security of their software applications. Say goodbye to the frustrations of traditional debugging tools and embrace the enhanced capabilities of RunSafe's GDB plugin for a smoother debugging experience.

Fortifying Taiwan’s Critical Infrastructure: Cyber Resilience Amidst Military Conflict

Understanding the Impact of Cyber Attacks on Taiwan's Communications Infrastructure

Safeguarding critical infrastructure is essential, particularly in regions like Taiwan, which face heightened susceptibility to cyber attacks targeting essential services. With the looming threat of a potential military conflict with China, Taiwan finds itself in need of more fortified defenses against cyber threats to ensure the uninterrupted operation of government services and financial transactions, spanning critical sectors such as banking and eCommerce. The significance of communications infrastructure cannot be overstated. The severing of two underwater cables connecting China in early 2023 stands as a stark reminder of the vulnerabilities inherent in Taiwan's infrastructure. Initially dismissed as accidental damage, further investigations uncovered evidence of a deliberate act perpetrated by a Chinese fishing boat. This deliberate action resulted in significant outages and disruptions across Taiwan, highlighting the fragility of the nation's communication networks in the face of deliberate sabotage. This incident serves as a wake-up call, underscoring the urgent need for Taiwan to bolster the resilience of its internet cables and make strategic investments in a robust satellite communications infrastructure. In times of military conflict or geopolitical tension, the ability to maintain seamless communication becomes vital for the effective operation of governmental agencies and the continuity of economic activities. Safeguarding both physical and satellite-based communication systems against cyber threats is a critical imperative for Taiwan's security and stability in an increasingly volatile geopolitical landscape. To address these pressing challenges, concerted efforts are required to reinforce Taiwan's infrastructure resilience and mitigate the risks posed by cyber threats. This entails not only fortifying physical infrastructure against potential attacks but also implementing robust cybersecurity measures to safeguard against digital threats. Collaborative initiatives involving government agencies, private sector entities, and cybersecurity experts are essential to develop comprehensive strategies aimed at enhancing Taiwan's cyber resilience and ensuring the continued functionality of critical infrastructure under all circumstances. As we navigate the complexities of safeguarding critical infrastructure amid the looming threat of cyber attacks and military conflict, it becomes imperative for stakeholders to come together in a concerted effort to address these challenges and secure Taiwan's future. By prioritizing investments in infrastructure resilience and cybersecurity, Taiwan can effectively mitigate the risks posed by cyber threats and safeguard the stability and security of its critical infrastructure in the face of evolving geopolitical dynamics.

RSSM: Elevate Your Software Security – Build-time SBOM vs. Binary SBOM

RunSafe Security's Advanced Build-time SBOM Tool

By harnessing the vast amounts of build-time data, you can elevate your security measures to be proactive, extending protections beyond the limitations of binary-focused approaches. This gives you access to the complete spectrum of build-time information. With elevated threats and more sophisticated vulnerability attacks, the need for a more nuanced understanding of software dependencies has never been more apparent. With a build-time SBOM, you can navigate through the labyrinthine network of libraries, modules, and frameworks that underpin your software's functionality, gaining insights that go far beyond mere execution essentials. By capturing detailed information about dynamic library names, versions, symbols, and hash values, a build-time SBOM offers a granular view of the software's composition, enabling you to identify and address potential vulnerabilities and security risks at their source. A build-time SBOM also provides extensive information about the software's construction process, including crucial details such as build system locations, hashes upon access, and the hierarchical relationships between different dependencies. Armed with this comprehensive understanding of the software's makeup, you can enhance your security posture by proactively identifying and mitigating potential threats before they have a chance to manifest. But the benefits of a build-time SBOM extend beyond security considerations alone. By gaining visibility into the entire compilation process, including source files, header files, static libraries, and intermediary applications generated during builds, you can streamline your development workflow, improve collaboration between different teams, and ensure compliance with industry regulations and best practices. In essence, a build-time SBOM represents a paradigm shift in how we approach software security and development. By embracing the power of complete build-time information, you can fortify your software against emerging threats, optimize your development processes, and pave the way for a more secure and resilient digital future. Embrace the benefits of proactive security with a comprehensive build-time SBOM from RunSafe Security.

Revolutionizing Zero-day Exploit Protection: Hardening Code with Load-time Function Randomization

Defending Against the Unseen Threats

At RunSafe Security, our team has conducted extensive analysis to assess the efficacy of load-time function randomization, especially in the context of mitigating zero-day exploits, which are inherently unpredictable and pose significant threats to software systems. Our investigation began with rap gadgets, which serve as fundamental components akin to Lego pieces in an attacker's arsenal, particularly for targeting memory vulnerabilities. Through meticulous examination of thousands of open-source binaries, we meticulously extracted essential statistics pertaining to functions and ROM gadgets. We observed that the average binary comprises approximately 220 functions and over a thousand rap gadgets, averaging nearly 5 gadgets per function. Notably, a considerable number of functions lacked gadgets, with a staggering 95% having fewer than 30 gadgets. Out of the 245,000 functions scrutinized, only a mere handful possessed 500 or more gadgets. Subsequently, leveraging publicly available tools like Rapper, we endeavored to evaluate the presence of rap gates in the binaries. Our findings were revealing, indicating that 25% of these binaries harbored functioning chains capable of potentially granting unauthorized access to the device. This alarming discovery underscores the significance of addressing vulnerabilities, especially given that vulnerabilities occur at a rate of 7 to 12 per 1,000 lines of code, as highlighted by NIST and other reputable studies. Enter RunSafe Security: code hardening with load-time function randomization. With an average of 220 functions per binary, this approach results in an astronomical number of load combinations, approximately equivalent to 2.284 times 10 to the power of 420. The implications are profound, as this strategy significantly enhances entropy, thereby severely restricting an attacker's options. Instead of having access to a myriad of rap gadgets, attackers are confined to the gadgets within the specific vulnerable function, with an average of less than 5 per function. Upon conducting a thorough reassessment of the binaries, we made a remarkable discovery—none of them exhibited function-level rap chains. This outcome underscores the effectiveness of RunSafe's load-time function randomization in fortifying software systems against potential threats. This robust defense mechanism instills confidence, even in the face of future zero-day vulnerabilities, as systems protected by RunSafe's measures offer resilient protection, leaving attackers with minimal avenues for exploitation.