Explore a diverse range of expertly crafted videos covering Software Supply Chain Security, SBOM, Code Protections, Vulnerability Remediation, Cybersecurity Policy, and exclusive insights into RunSafe Security. Stay informed, enhance your cybersecurity knowledge, and stay ahead in the industry with these videos.

RSSM: How can RunSafe help companies deploy safe open-source packages?

RunSafe's Memory Randomization and Software Protection

Safeguarding your company against the myriad vulnerabilities that lurk in the shadows of the digital world is paramount. While there are many benefits to open source software, it also presents inherent security risks due to its accessible source code and frequent updates. RunSafe recognizes this challenge and introduces a groundbreaking solution in the form of RunSafe Repo. RunSafe Repo serves as a repository housing popular open source packages that have been pre-hardened with the robust RunSafe Code, significantly enhancing software protection. Noteworthy packages such as Python, Redis, and Nginx have already been fortified within Repo. The seamless integration of these fortified packages into existing code bases requires no modifications, empowering developers to bolster their defense mechanisms against cyber threats even in scenarios where fixes or patches are unavailable. What sets RunSafe Repo apart is its commitment to ensuring that each pre-hardened package maintains functional equivalence while dynamically loading at runtime with a unique memory layout. This proactive approach automatically strengthens your software against prevalent and severe cyber attacks, setting a new standard for cybersecurity defense. By embracing RunSafe, companies can elevate their cybersecurity strategies to unprecedented levels, experiencing a paradigm shift in safeguarding their invaluable digital assets. Embrace the future of cybersecurity with confidence, knowing that RunSafe leads the charge in reshaping the narrative of digital defense. With RunSafe Repo at your disposal, you gain access to a comprehensive suite of pre-hardened packages that not only fortify your software but also provide a level of assurance that each package maintains its functionality while enhancing security measures. This innovative approach ensures that your defenses remain robust and effective against emerging cyber threats, giving you peace of mind in an increasingly complex digital environment. As you navigate the intricate landscape of cybersecurity challenges, RunSafe stands as a beacon of protection and innovation, empowering you to stay ahead of potential risks and secure your digital assets with confidence and resilience.

RSSM: Why is RunSafe’s load-time function randomization better for control flow integrity than address space layout randomization?

RunSafe's Load-time Function Randomization for Control Flow Integrity and Secure Software Development

Each time your program or library loads, we redefine the game by meticulously randomizing the order and layout of all the code within that binary or library. Unlike conventional address-based layout randomization, our approach operates at an exceptionally high granularity, providing an extensive range of possible permutations that enhance security and ensure control flow integrity. ASLR often involves moving an entire program as one large chunk, making it vulnerable to exploitation in the presence of even a single information leak. Our Secure Randomization (SR) takes a distinctive path, creating a formidable challenge for attackers attempting to reverse engineer the code's memory layout. Even if there's an information leak, deciphering the specific order of functions becomes a monumental task due to the vast number of possible permutations. Consider the factorial of the number of functions in most programs—often exceeding 200. The result is an astronomical number of potential orderings, surpassing the number of atoms in the universe multiple times over. Our load-time function randomization offers unparalleled security, ensuring that leaked addresses don't immediately translate into exploitable vulnerabilities and enhancing secure software development. In complementing address space layout randomization, our functionality adds an extra layer of security. For systems already implementing ASLR, we seamlessly enhance your overall protection. If you lack ASLR, as evident in VxWorks 6.9, our randomization becomes an essential shield against potential threats. Comparing our load-time function randomization to control flow integrity highlights another advantage—minimal performance overhead. During program loading, you'll experience only a marginal increase in time, typically one to three additional milliseconds. Once in runtime, our technology operates without interfering, resulting in effectively 0% performance overhead. In contrast, control flow integrity implementations can typically range from 5% to 30% or higher, potentially compromising both performance and security. The flexibility of our load-time function randomization extends to environments employing control flow integrity. We offer a complimentary solution that doesn't compromise performance, making it an ideal choice for those prioritizing both security and efficiency. Make the switch to our RunSafe code and experience the benefits of secure and high-performance software that ensures control flow integrity.

RSSM: Mastering Secure Software Building with RunSafe Code: Comparing Protected and Unprotected Software Binaries

Preventing Vulnerability Exploits by Building Secure Software with RunSafe Code Protections

In this RunSafe Security Minute video, we create a side-by-side comparison to demonstrate the differences between traditional software builds without built-in protection and a software build that incorporates RunSafe code to safeguard against vulnerability exploits. In the first scenario, we utilize a standard software development environment that operates in a CentOS 7 setting with compilers, GCC, Python tools, and more installed to emulate the creation of a GPS logger program. As part of the build, we expose common vulnerabilities like buffer overflow and information leaks to illustrate the potential opportunities for threat actors to attack. For the scenario that leverages RunSafe Code, we start with a Docker file and install Alchemist and LFR (RunSafe Code) via an Artifactory repository – a simple install. Then, we execute the builds using LFR Helper Make. Even if your build script dates back 40 years, adding LFR Helper will enhance security effortlessly. When running, take note of how the vulnerabilities are easily exploited on the unprotected version, leaking information and creating a file. However, the same attempt on the RunSafe-protected version results in failure, which is signaled by a negative 11 return code, indicating a prevented seg fault. RunSafe Code uses patented Moving Target Defense (MTD) techniques to neutralize memory-related exploits. The simple addition of RunSafe code during build time creates an alternative to manual code analysis and continuous patching. You can build secure software by deploying RunSafe Code with a straightforward package install and the addition of LFR Helper to your build commands. This protection extends across various Linux environments, including Alpine, Debian, Ubuntu, CentOS, Rocky Linux, and Red Hat, with seamless integrations into AOSP, OpenWRT, Yocto, Build Root, and Artifactory, enabling developers to build secure software. Take action today to fortify your software effortlessly and prevent exploiting vulnerabilities with the addition of RunSafe code during build time.

RSSM: What metrics does RunSafe provide as evidence of value?

Metrics Analysis, Vulnerability Mitigation, and Future-Proofing with RunSafe Insights

In any business environment, the utilization of metrics stands as a cornerstone for informed decision-making processes within the organization. At RunSafe, our unwavering commitment to memory safety and comprehensive protection underscores the critical need for gleaning customer metrics and insights during our software immunization assessment phase. This collaborative approach not only enriches our understanding of customer needs but also empowers us to tailor our solutions to address their specific challenges effectively. Our engagement with customers entails a deep dive into their software builds, wherein we conduct a thorough analysis across two pivotal dimensions of metrics. Firstly, we embark on a meticulous examination of the Software Bill of Materials (SBOM), unraveling any known vulnerabilities inherent in the current software build. This foundational step serves as the bedrock upon which our vulnerability mitigation strategies are built. Leveraging RunSafe's expertise in this domain, we implement advanced techniques aimed at fortifying the security posture of the software. Empirical evidence from academic research underscores the significant potential for mitigation rates ranging from 40 to 70%, a testament to the effectiveness of our collaborative efforts. This validation reinforces our commitment to delivering tangible results that mitigate risks and enhance the resilience of software systems. In tandem with vulnerability identification and mitigation, we adopt a forward-looking approach to address unknown or zero-day vulnerabilities. By scrutinizing the code structure and employing sophisticated randomization techniques, we proactively fortify the software against emerging threats, thereby future-proofing it for tomorrow's challenges. As we navigate the multifaceted landscape of software security metrics and solutions, let us delve into the intricacies of our dual-focused strategy, where current challenges converge with innovative solutions, ultimately shaping the resilience of code in the ever-evolving digital landscape. Join us as we collectively explore new horizons and redefine the boundaries of software security excellence.

RunSafe Security DevSecOps DCCyberWeek Highlight Video Final

A highlight reel about RunSafe Security's DevSecOps bash featuring Nicolas Chaillan, Chief Software Officer of the United States Air Force.

Yocto, RunSafe and Memory Threat Immunization

“A great threat has become a great opportunity” IIoT World editor-in-chief Lucian Fogoros recently interviewed RunSafe Chief Technology Officer Doug Britton and Andrew Murray, QA Ninja about the impact of the yocto project, the rising number of vulnerabilities in the IoT industry and effortless way adding Alkemist to a yocto project eliminates those vulnerabilities. Blog Post: http://run-safe-security.test/blog/5-minute-memory-threat-immunization-for-yocto-build-environments/

RSSM: Software Development with Lynx and RunSafe – Enhance Efficiency and Mitigate Risks

Enhance Software Development Efficiency with Lynx and RunSafe's Synergistic Power.

Lynx Software Technologies’ (Lynx) clientele across aircraft manufacturers, industrial controls, defense systems, and IOT devices share a common goal: the reduction of costs, risks, and scheduling complexities. RunSafe is an all-encompassing solution that addresses these challenges in a unified package. It protects the LYNX MOSA.ic framework against 40-70% of the most common vulnerabilities with no developer impact. The seamless integration between RunSafe solutions and LYNX MOSA.ic streamlines processes, liberating clients from the burdens of labor-intensive bug chasing and emergency patch testing. Imagine reclaiming hundreds of labor years that were once dedicated to navigating the complexities of software development security patching. When managing cyber risks during software development, on-time deliveries, patch deployments, and developer efficiency often bear the brunt of unpredictable impacts. While software testing is undeniably essential, it doesn't capture every nuance. This is where RunSafe comes in – by residing on the customer's device, it proactively mitigates the majority of memory safety-related bugs, protecting against potential exploitation. The significance of this cannot be overstated. With RunSafe protections, developers are empowered to redirect their focus from constantly patching the latest bugs to enhancing software with value-added features. The result is a more streamlined and efficient software development experience that leverages the full potential of both the LYNX MOSA.ic framework and RunSafe solutions. Working with real-time operating systems provides extensive opportunities for innovation and risk. But with Lynx and RunSafe, innovation takes precedence over bug resolution, letting developers and product managers focus on creation rather than resolution. Lynx and RunSafe invite you to join them on this transformative journey to refocus software development on innovation. These cutting-edge solutions redefine the possibilities of software development. Embrace the power of synergy, efficiency, and risk mitigation – unlock a smoother and more productive software development experience with LYNX MOSA.ic and RunSafe at the forefront.

RunSafe Security Minute #2

RunSafe Security Minute #3

RunSafe Security Minute #1

What are the differences between a build-time SBOM and a binary-based SBOM?

Unpacking SBOM Differences: Build-Time vs. Binary-Based Approaches

Binary-based SBOMs are praised for their convenience, particularly in situations where full source access is limited or when working with legacy packages. However, as the video highlights, they often fall short in capturing critical details such as version information and dependency tree mapping. This is where build-time SBOMs come to the forefront, demanding access to the full source during compilation but providing a wealth of information for creating more informed SBOMs. With a real-world example featuring the Heartbleed exploit, viewers will understand how selecting the right SBOM method can save precious time and reduce stress in the software development process. So, join us in this enlightening discussion on SBOM differences and discover why "build time" might be the way to go for the most informative SBOM. Don't miss this opportunity to enhance your understanding of software cataloging and security.

How does RunSafe deploy code protections for applications built on real time operating system deployments?

Enhancing Code Protections for Real-Time Operating Systems

With RunSafe's VxWorks solution, we've fortified critical systems against memory corruption attacks and vulnerabilities, all seamlessly integrated without disrupting system operation. To make this happen, we had to update various Linux-focused interfaces to align with VxWorks counterparts. This entails addressing differences like environment variables and system libraries. We've introduced new methods for configuring and debugging protections, enhancing control over the VxWorks code protection process. Plus, our Linux tools have been adapted to a new Windows tool suite, simplifying integration with your VxWorks Workbench development environment. With just a few clicks and keystrokes, you can incorporate RunSafe protection into your project, ensuring the safeguarding of your deployment. Learn how we enhance code protections for real-time systems - an essential insight in today's fast-paced, security-conscious world.