2023-10-16, Salle Europe
Binary composition analysis of apps and libraries can be complex, mixing multiple techniques. Let's review the techniques and FOSS tools that automate this analysis for binary formats such as bytecode, native Go and C/C++ ELF binaries, and minified JavaScript.
I routinely analyze large app and system binaries to find out what they are made of and if they contain unknown software or vulnerable code.
I will highlight some useful FOSS tools such as LIEF, BANG, ScanCode.io and ELF inspector tools to support this short talk.
Join me to discover how you can determine what software goes into a binary and get back to its corresponding source (in a white-box context).
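One of the simplest techniques behind this kind of analysis is reading the ELF section table and pulling out the strings a toolchain and statically linked libraries leave behind: the `.comment` section records the compiler banner, and data sections often carry `name version` strings such as `zlib 1.2.13`. The script below is an added example written for this page; it is not code from the talk, nor from ScanCode, BANG or LIEF. It uses only the Python standard library, and the ELF image it parses by default is a tiny one constructed in memory so it runs offline (pass a real file path as the first argument to inspect an actual binary; the `VERSION_RE` heuristic and the section names it skips are assumptions for the demo).

```python
"""Dependency-free ELF section reader that extracts toolchain and library
version banners. Added example, not the talk's or any listed tool's code."""
import re
import struct
import sys

ELF_MAGIC = b"\x7fELF"
SHT_NOBITS = 8  # .bss-style sections have no bytes in the file
# Heuristic (assumed for this demo): "<name> ... <x.y[.z]>", e.g. "zlib 1.2.13"
VERSION_RE = re.compile(rb"[A-Za-z][\w.+-]{1,30}[^\x00]{0,16}?\d+\.\d+(?:\.\d+)*")


def parse_sections(data):
    """Return {section_name: raw_bytes} for every named, file-backed section."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}[ei_data]  # EI_DATA: 1 = little endian, 2 = big endian
    if ei_class == 2:  # ELFCLASS64
        ehdr_fmt, shdr_fmt = end + "16sHHIQQQIHHHHHH", end + "IIQQQQIIQQ"
    elif ei_class == 1:  # ELFCLASS32
        ehdr_fmt, shdr_fmt = end + "16sHHIIIIIHHHHHH", end + "IIIIIIIIII"
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    ehdr = struct.unpack_from(ehdr_fmt, data, 0)
    # e_ident, type, machine, version, entry, phoff, shoff, flags,
    # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    e_shoff, e_shentsize, e_shnum, e_shstrndx = ehdr[6], ehdr[11], ehdr[12], ehdr[13]
    shdrs = [struct.unpack_from(shdr_fmt, data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    # section header fields: name, type, flags, addr, offset, size, ...
    strtab = shdrs[e_shstrndx]
    shstr = data[strtab[4]:strtab[4] + strtab[5]]
    sections = {}
    for sh in shdrs:
        name = shstr[sh[0]:].split(b"\x00", 1)[0].decode("ascii", "replace")
        if name and sh[1] != SHT_NOBITS:
            sections[name] = data[sh[4]:sh[4] + sh[5]]
    return sections


def comment_strings(sections):
    """NUL-separated toolchain banners from .comment, e.g. 'GCC: (GNU) 12.2.0'."""
    raw = sections.get(".comment", b"")
    return [s.decode("ascii", "replace") for s in raw.split(b"\x00") if s]


def version_banners(sections):
    """Sorted candidate 'name version' strings found in data sections."""
    found = set()
    for name, raw in sections.items():
        if name in (".comment", ".shstrtab", ".strtab"):  # handled or irrelevant
            continue
        for m in VERSION_RE.finditer(raw):
            found.add(m.group(0).decode("ascii", "replace"))
    return sorted(found)


def build_sample_elf():
    """Constructed 64-bit little-endian ELF with .comment and .rodata (demo only)."""
    comment = b"GCC: (GNU) 12.2.0\x00clang version 15.0.7\x00"
    rodata = b"\x00zlib 1.2.13\x00OpenSSL 3.0.2 15 Mar 2022\x00no version here\x00"
    shstrtab = b"\x00.comment\x00.rodata\x00.shstrtab\x00"
    comment_off = 64  # file layout: ehdr | .comment | .rodata | .shstrtab | shdrs
    rodata_off = comment_off + len(comment)
    shstr_off = rodata_off + len(rodata)
    shoff = shstr_off + len(shstrtab)

    def shdr(name_off, sh_type, off, size):
        return struct.pack("<IIQQQQIIQQ", name_off, sh_type, 0, 0, off, size, 0, 0, 1, 0)

    headers = (shdr(0, 0, 0, 0)  # mandatory null section
               + shdr(shstrtab.index(b".comment"), 1, comment_off, len(comment))
               + shdr(shstrtab.index(b".rodata"), 1, rodata_off, len(rodata))
               + shdr(shstrtab.index(b".shstrtab"), 3, shstr_off, len(shstrtab)))
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, v1, SysV
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", e_ident, 2, 62, 1, 0, 0, shoff, 0,
                       64, 0, 0, 64, 4, 3)  # ET_EXEC, x86-64, 4 sections, shstrndx=3
    return ehdr + comment + rodata + shstrtab + headers


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    secs = parse_sections(data)
    print("sections:  ", ", ".join(secs))
    print("toolchain: ", comment_strings(secs))
    print("banners:   ", version_banners(secs))
```

On a real binary the `.comment` output tells you which compiler produced each object that was linked in (a mix of GCC and Clang banners is itself a hint that third-party objects were merged), and the banner scan gives candidate package names and versions to look up in a package or vulnerability database; treat the regex hits as leads to confirm against symbols and hashes, not as a final bill of materials.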
I am a passionate FOSS hacker, lead maintainer of ScanCode, purlDB and VulnerableCode, and on a mission to make FOSS code easier and safer to reuse with best-in-class open source Software Composition Analysis (SCA) tools for open source discovery, license & security compliance at https://aboutcode.org
I am also a co-founder of SPDX and the creator of Package URL (purl), a de-facto standard to identify packages in SBOMs, SCA tools and vulnerability databases used throughout the industry.