BlackBerry announced on Monday the launch of Jarvis, a new cybersecurity service designed to help companies in the automotive and other sectors find vulnerabilities in their software.
Jarvis has been described by BlackBerry as a cloud-based static binary code analysis software-as-a-service (SaaS) product. The tool is currently used by automakers, including Britain’s largest car maker, Jaguar Land Rover, but BlackBerry says it is ideal for other types of organizations as well, including in the healthcare, aerospace, defense, and industrial automation sectors.
Modern cars use hundreds of software components, including many provided by third-party vendors across several tiers. While this approach has some advantages, it also increases the chances of vulnerabilities making it into the software somewhere along the supply chain.
Jarvis aims to address this issue by scanning code and offering actionable information within minutes. In addition to finding vulnerabilities, the service also helps ensure compliance with various standards.
BlackBerry claims the new product performs tasks that would require a large number of experts and a lot of time, which should help companies save money. The tool can be integrated with existing development tools and APIs.
“Connected and autonomous vehicles require some of the most complex software ever developed, creating a significant challenge for automakers who must ensure the code complies with industry and manufacturer-specific standards while simultaneously battle-hardening a very large and tempting attack surface for cybercriminals,” said John Chen, executive chairman and CEO of BlackBerry.
“Jarvis is a game-changer for OEMs because for the first time they have a complete, consistent, and near real-time view into the security posture of a vehicle’s entire code base along with the insights and deep learning needed to predict and fix vulnerabilities, ensure compliance, and remain a step ahead of bad actors,” Chen added.
Jarvis is an online tool that can be used by companies as a pay-as-you-go service. The product can be customized for each organization’s needs and their specific supply chain, allowing them to scan code at every stage of the development process.