BRACELET

Challenge

Many systems deployed at scale rely on complex software supply chains composed of numerous components, frameworks, libraries, and services. While these distributed ecosystems enable organizations and systems to leverage established building blocks and innovate quickly, their size and complexity make comprehensive understanding challenging.

When vulnerabilities are discovered in software, it can take days or even weeks for organizations to assess whether their infrastructure is at risk and to implement a plan to remediate those risks. A major cause of this delay is the lack of effective tools for determining, with high certainty, whether flawed code is actually reachable within a production system, particularly in C/C++ binaries.

Solution

As part of the DARPA Enhanced SBOM for Optimized Software Sustainment (E-BOSS) program, Galois’s BRACELET (Binary Reachability Analysis with Compiler-Enhanced Lifting for Execution and Triage) project fills this gap by developing new tools for rapidly assessing whether a vulnerability is reachable within enterprise C/C++ binary software and triaging crashes in deployed software to determine their root cause.

These tools will be enabled by improvements to existing open-source software build chains and runtime systems that enhance and complement software bill-of-materials (SBOM) technologies by incorporating additional metadata about software structure and dependencies. The enhancements will also simplify the process of quickly mitigating vulnerabilities via micro-patching, along with other software maintenance tasks such as optimization and profiling.
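The reachability question described above, as an added example (not BRACELET's code): a constructed call graph stands in for one recovered from a lifted binary, SBOM-style metadata maps functions to components, and an advisory names flawed functions. The point it makes is that a flawed function can be linked into a binary yet unreachable from its entry point, so "present" and "reachable" are different answers.

```python
from collections import deque

# Constructed call graph: each function maps to the functions it calls directly,
# as a lifter might recover it from a binary. png_decode is linked in but never called.
CALL_GRAPH = {
    "main": ["parse_args", "serve"],
    "parse_args": ["getopt_wrapper"],
    "getopt_wrapper": [],
    "serve": ["handle_request", "log_line"],
    "handle_request": ["zlib_inflate", "render"],
    "render": ["log_line"],
    "log_line": [],
    "zlib_inflate": ["inflate_fast"],
    "inflate_fast": [],
    "png_decode": ["png_read_chunk"],
    "png_read_chunk": [],
}

# Constructed SBOM-style metadata: which third-party component each function came from.
COMPONENTS = {
    "zlib_inflate": "zlib", "inflate_fast": "zlib",
    "png_decode": "libpng", "png_read_chunk": "libpng",
}

# Constructed advisory data: functions reported as flawed, keyed by component.
ADVISORIES = {"zlib": {"inflate_fast"}, "libpng": {"png_read_chunk"}}


def find_path(graph, entry, target):
    """Breadth-first search; returns the shortest call path entry -> target, or None."""
    parent = {entry: None}
    queue = deque([entry])
    while queue:
        fn = queue.popleft()
        if fn == target:
            path = []
            while fn is not None:
                path.append(fn)
                fn = parent[fn]
            return path[::-1]
        for callee in graph.get(fn, []):
            if callee not in parent:
                parent[callee] = fn
                queue.append(callee)
    return None


def triage(graph, components, advisories, entry="main"):
    """For every flawed function actually linked into the binary, decide reachability."""
    report = {}
    for fn, component in components.items():
        if fn in graph and fn in advisories.get(component, set()):
            path = find_path(graph, entry, fn)
            report[fn] = {"component": component, "reachable": path is not None, "path": path}
    return report
```

Running triage(CALL_GRAPH, COMPONENTS, ADVISORIES) flags inflate_fast as reachable via main -> serve -> handle_request -> zlib_inflate -> inflate_fast, while png_read_chunk is present in the binary but has no path from main.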

Value Add

  • Saved Time and Money: Automates complex debugging and triage processes, reducing manual effort and associated costs.
  • Decreased Risk: Enhances security posture by pinpointing vulnerabilities and enabling faster remediation.
  • Increased Understanding of Software Supply Chain Dependencies: Improves visibility into dependencies, fostering more resilient and maintainable software systems.

Meet the TEAM