Security Scan Checks Binary Open Source
A Korean startup launched an online service that uses a novel approach to scan open source code for known security flaws. Insignary, Inc. lets users scan files of up to 5 Mbytes for free on its Web site but charges for larger files and more detailed reports.
Source: Rick Merritt
The code looks for function and variable names and other constants that don’t vary among different compilations of a program. After identifying programs, it checks open source repositories for known security flaws.
The company maintains a database compiled from hundreds of thousands of open source repositories it searches. It uses a free U.S. Homeland Security database and a licensed repository to check for published security flaws.
A variety of tools help OEMs manage open source licenses and check security, but they work only on source code, not binary files. Others have tools that identify binary programs using checksums, but they can fail to detect programs created using different compilers. Synopsys supplies a tool that uses hashing algorithms, supporting more accurate binary scans.
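The difference between checksum matching and matching on compile-invariant strings can be shown with a short added example. It is not Insignary's or Synopsys's code; the component names, signature strings, byte sequences and the 0.6 match threshold are constructed assumptions for illustration.

```python
import hashlib
import re

# Constructed signature database: component -> string constants expected to
# survive compilation (all names and literals are made up for this example).
SIGNATURES = {
    "libexample-1.2": {b"example_parse_header", b"example_ctx_init",
                       b"libexample 1.2: bad length %d"},
    "libother-0.9": {b"other_open", b"other_read_block", b"libother: EOF"},
}

def fake_build(code, strings):
    """Constructed stand-in for a compiled binary: opcode bytes + string table."""
    return code + b"\x00" + b"\x00".join(strings) + b"\x00"

_SIG = sorted(SIGNATURES["libexample-1.2"])
# Same component, different machine code and string order ("two compilers").
BUILD_A = fake_build(b"\x55\x48\x89\xe5\x90\xc3", _SIG)
BUILD_B = fake_build(b"\xf3\x0f\x1e\xfa\x31\xc0\xc3", _SIG[::-1])
# A build with one of the three signature strings removed.
BUILD_PARTIAL = fake_build(b"\x31\xc0\xc3", _SIG[:2])

# Checksum database that has only ever seen the "compiler A" build.
KNOWN_HASHES = {hashlib.sha256(BUILD_A).hexdigest(): "libexample-1.2"}

def identify_by_checksum(blob):
    """Whole-file hash lookup: any byte difference yields no match."""
    return KNOWN_HASHES.get(hashlib.sha256(blob).hexdigest())

def extract_strings(blob, min_len=6):
    """Return printable ASCII runs of at least min_len bytes, like strings(1)."""
    return set(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob))

def identify_by_strings(blob, threshold=0.6):
    """Return components whose signature strings are mostly present in blob."""
    runs = extract_strings(blob)
    matches = []
    for name, sig in SIGNATURES.items():
        found = sum(any(s in run for run in runs) for s in sig)
        if found / len(sig) >= threshold:
            matches.append(name)
    return sorted(matches)

if __name__ == "__main__":
    for label, blob in (("A", BUILD_A), ("B", BUILD_B), ("partial", BUILD_PARTIAL)):
        print(label, identify_by_checksum(blob), identify_by_strings(blob))
```

Once a component and version are identified this way, the result can be looked up in a vulnerability database, which is the second step the article describes.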
“Our customers say we do better on the benchmarks,” said Taejin Kang, CEO of Insignary.
The startup was founded in 2016 and released its software in April to its first two paying customers, large hardware OEMs in Korea and Japan. It has two dozen other OEMs in China, Korea and Japan evaluating the software.
“We are trying to get people to know about this capability and how well it performs,” Kang said, explaining the free online service.
The company charges a base price of $100,000 per server per year for customers to run its Insignary Clarity program on their systems. Alternatively, it lets users access a complete Web service the startup hosts for $3,000 per scan.
The company is venture backed and seeking a Series A round to help fund operations in the U.S. including in Silicon Valley. Kang joined the company six months ago after a varied career leading startups in Korea and spending the last nine years working for Samsung and a Korean carrier.