Previous version Release Notes can be accessed here.
Note on release
This release is a GA release.
TABLE OF CONTENTS
What's changed with this release:
Global binary search (search for any binary analyzed on the platform by name).
Global CWE search (search for any binary analyzed on the platform by CWE discovered).
Weak pointers and path-finding assessments.
Improved ISA/IEC 62443-3-3 and 62443-4-2 Standard to CWE Mapping (accuracy and quantity).
Improvements to our decompilation technique (modifying the decompiler used depending on the type of file uploaded).
- Unassessable binaries are now given additional rationale for why they are unassessable upon being clicked.
ObjectSecurity OT.AI Platform General Release v1.1.0 added a number of new convenience features as well as made improvements to already existing features.
New Feature: Global Binary Search
With the addition of the global binary search feature, the user may perform asset searches based on asset name. To use this feature, click "assets" as the search type and type the asset's name into the search bar.
New Feature: Global CWE Search
With the addition of the global CWE search feature, the user may perform asset searches based on CWEs contained within the assets. To use this feature, click "CWE" as the search type and type the asset's name into the search bar.
New Feature: Weak Pointers and Path-finding Assessments
With the addition of the weak pointers assessments, the user may now discover weak pointers and the paths to access those.
What are Weak Pointers and how does it contribute to OT/ICS binary analysis for vulnerabilities?
Weak Pointers is a novel binary code analysis science that automates identification of known code vulnerabilities and weaknesses, like buffer overflow.
To speed remediation of code weaknesses, the ObjectSecurity OT.AI Platform provides the path of the weakness (also known as a Weak Pointer) guiding DevSecOps and Application Security specialists to zone in directly to the problem lines of code that need to be remediated.
Once the code has been remediated, the repaired binary files can be re-uploaded to the ObjectSecurity OT.AI Platform for another round of vulnerability analysis. A green light report informs you that the code is ready for production. A yellow or red light report informs you that additional remediation is needed before committing the code to production.
Each round of binary file code analysis is recorded in the Audit Log.
Have suggestions or concerns?
Please contact our customer satisfaction team and submit your feedback/questions here.
Was this article helpful?
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
We appreciate your effort and will try to fix the article