Riscure announces the successful completion of the SBIR-AVR project funded by the Netherlands Enterprise Agency. This project enabled Small Business Innovation Research across a variety of topics, one of them being Automated Vulnerability Finding. Riscure participated in two phases of the project, starting from November 2021 and concluding the work in July 2023. Riscure’s contribution focused on fuzzing in the embedded systems domain and aimed to provide developers a practical means to improve the security of their software.
The objective of Riscure’s participation in SBIR-AVR was to make fuzzing feasible as a security testing method for developers of embedded software. Even though a number of open source fuzzing technologies are available, applying them effectively in a real-world environment for development of embedded software isn’t as straightforward as one may think. Many development teams lack the knowledge and resources to effectively test their code with fuzzing techniques. When the specifics of embedded software are taken into account, fuzzing enables efficient discovery of security issues and their mitigation earlier in the development process.
By participating in this effort, Riscure has successfully contributed its expertise in device security to a wider audience of software developers. Additionally, Riscure has integrated the open source LibFuzzer library into Riscure True Code. This implementation is optimized for use in a CI/CD pipeline for embedded software. It enables developers of embedded software to focus on finding and resolving vulnerabilities in their code, rather than worrying about implementation issues around the generic LibFuzzer.
Durga Lakshmi Ramachandran, Innovation Director at Riscure, commented: “Riscure continues to contribute to public efforts aimed at improving the overall state of security, particularly when embedded devices are involved. We continue our collaboration with government programs and academia in the ongoing developments, such as the PROACT project aimed to boost the robustness of IoT systems and a collaboration with Radboud University on Side Channel research. Each of these projects enables Riscure to share its expertise in the public domain, but also improves our own security tools with the knowledge obtained during the research”.
You can learn more about Riscure’s ongoing research on fuzzing in embedded systems in our series of blog posts.