The worldwide number of connected IoT devices is expected to surpass 125 billion by 2030, equivalent to 15 connected devices for every person alive. The devices are increasingly critical in today's society and may contain sensitive data, why they are increasingly targeted by malicious attackers. In the security arms race, the reliability and trustworthiness of the software that runs these devices are therefore critical; a single vulnerability or coding mistake can cause major disruptions and even have fatal consequences, while having widespread consequences for the manufacturer.
Many organizations apply a tried and tested approach to addressing such vulnerabilities on a case by case basis as they are discovered and reported through routine testing, by external security researchers, or as part of ad hoc code review. While this approach may appear to reduce software risk from a certain instance of a problem, it does not effectively eliminate the risk. That's because logical variants of the problem often exist in the code; problems that are semantically similar to the reported vulnerability, but often syntactically different, and therefore almost impossible to find using traditional methods before it’s too late.
In this video you will get an overview of different source code related security vulnerabilities issues. You will learn how cutting-edge technologies allow security engineers and development teams to perform deep semantic code search and quickly write queries that reveal all variants of an identified security problem or critical coding error.
- IoT device security in a nutshell
- Vulnerability hunting using variant analysis
- Enterprise-wide security through automated variant analysis
- Live Demo