Description

Vulnerability remediation is a critical but traditionally time-consuming and reactive process, often requiring significant effort to address flaws while ensuring system stability. Effective remediation goes beyond identifying vulnerabilities—it ensures they are fixed with precision, maintaining the system’s intended functionality while eliminating risks.

To transform this paradigm, our approach focuses on delivering efficient, high-assurance solutions for fixing vulnerabilities. High-assurance, low-cost binary patching enables rapid and reliable fixes for legacy systems without requiring source code or recompilation, while automated binary hardening proactively strengthens software against potential exploits. Advanced techniques like source code patch transfer facilitate applying proven fixes across similar programs, enhancing efficiency and consistency. Verification processes, whether for source or binary patches, ensure that vulnerabilities are resolved without introducing new issues, preserving correct behaviors and system stability. Finally, low-overhead dynamic protections can automatically close entire classes of vulnerabilities without any effort.

By streamlining and automating remediation workflows, we aim to shift vulnerability fixing from a reactive burden to a proactive and scalable solution, protecting critical systems from evolving threats.

Solutions

  • CodeHawk: Analysis and Patching Platform

Projects

AMdP

Vulnerability remediation capabilities for EoL medical devices with firmware change understanding.

PI: Ricardo Baratto

Technical Areas: Static Analysis, Binary Patching, Vulnerability Discovery, Vulnerability Remediation

DRIFT

Enhancing SBOMs to solve vulnerability discovery, reachability and remediation.

PI: Michael Gordon

Technical Areas: Static Analysis, Dynamic Analysis, Binary Patching, Supply Chain Security, Vulnerability Remediation, Vulnerability Reachability

Arya (TA3)

High-Assurance, Decentralized, Autonomous Agents for Neutralizing Botnets

PI: Michael Gordon

Technical Areas: Runtime Protection, Software Correctness, AI / ML, Vulnerability Remediation

MRAM

Low-cost and high-assurance binary patching for the masses

PI: Michael Gordon

Technical Areas: Static Analysis, Binary Patching, Software Correctness, Vulnerability Remediation

Aria

Transforming AppSec with in-application, zero-trust privileges and secure computation offloading.

PI: Ricardo Baratto

Technical Areas: Runtime Protection, Supply Chain Security, Vulnerability Discovery, Vulnerability Remediation, Vulnerability Reachability

Sansa

Static analysis to (1) eliminate injection vulnerabilities and (2) understand code segments with queries.

PI: Jeff Perkins

Technical Areas: Static Analysis, Supply Chain Security, Vulnerability Discovery, Vulnerability Remediation, Vulnerability Reachability
