Novel ‘Automated Program Analysis’ Technique Drastically Improves Internet of Things and Embedded Systems Security

Resulting Cybersecurity Tech More Accurately Detects Exploitable Vulnerabilities

CHANTILLY, Va., June 01, 2023 (GLOBE NEWSWIRE) -- OP[4], a pioneer in automated firmware security, announced today that a new “automated program analysis” technique it has developed for finding and fixing exploitable vulnerabilities in Internet of Things (IoT) devices and embedded systems is vastly more effective than existing cybersecurity methodologies.

The findings have significant implications for the commercial IoT industry, which is growing at a rate that outstrips efforts to ensure sufficient security for billions of systems and devices.

Unlike existing technologies, the technique, which relies on the integration of static, dynamic, and symbolic program analysis methodologies, can accurately find, verify and differentiate between vulnerabilities that put a device at real risk of a breach, and benign issues that may be present in the software supply chain but are not actually exploitable. Additionally, it prioritizes verified weaknesses by risk level so development teams can focus resources on those most critical to safety and compliance.

“Competitors would have you believe that finding more vulnerabilities is better,” noted OP[4] CEO and Co-founder Irby Thompson. “This is because their technology can’t actually distinguish between exploitable vulnerabilities and those that don’t impact the health and safety of your products. We created OP[4] to directly address this issue, so development teams can efficiently focus resources on the vulnerabilities that need to be remedied and don’t waste time and money on those that don’t.”

The company developed its technique under contracts with DARPA and AFWERX, and is currently delivering its resulting automated firmware security system to the U.S. government. Over the past six months, it has adapted this system for the commercial sector, and is now launching its first two products based on this pioneering approach.

The first is its cornerstone product, Aggressor, a groundbreaking program analysis and remediation tool that automatically detects, validates, prioritizes, and helps remediate known N-Day and novel 0-Day vulnerabilities. Aggressor analyzes third-party security risks during the product design stage to ensure quality before a product build; finds and fixes software bugs during product development; and ensures a clean bill of health through validation before deployment.

The second product, built on Aggressor technology and designed as a companion to Aggressor, is a real-time, subscription-based threat monitoring engine, called the Interrogator, which provides ongoing analysis and alerts on emerging exploitable threats in products that have already been released. The two products together offer a holistic strategy for proactive cybersecurity support across the full life cycle of IoT and embedded systems products, from development and deployment to end-of-life.

The products have initially been designed to serve the following sectors:

  • Consumer Electronics
  • Industrial IoT
  • Aerospace & Defense
  • Telecommunications
  • Medical/Healthcare

"Automated program analysis techniques have traditionally been the domain of academic research,” noted binary analysis expert and OP[4] CTO and Co-founder Scott Lee, who oversees the development of the technology for the company. “When applied to real-world IoT and embedded systems, we have achieved a remarkable improvement in the accuracy of automated identification of exploitable software defects in commercial sector products."

About OP[4]
Founded in 2022 and headquartered in Chantilly, VA, OP[4] is a trailblazer in automated firmware security. Utilizing technology created through DARPA and productized under AFWERX for U.S. national defense, OP[4]‘s automated platform simulates a running device to distinguish between active and inactive code, analyzing risk at the binary code level, and filtering out noise to detect, validate, prioritize, and remediate exploitable N-Day and 0-Day vulnerabilities. Join the firmware security revolution at


Contact Data