BINARLY

Computer and Network Security

Santa Monica, California 4,023 followers

Supply Chain Security Company

About us

Binarly is a global firmware and software supply chain security company founded in 2021. The company’s flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, OEMs, IBVs and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. Binarly’s validated remediation playbooks have significantly reduced the cost and time to respond to security exposures. Based in Los Angeles, California, Binarly brings decades of research and program analysis expertise to build solutions to protect businesses, critical infrastructure, and consumers around the world.

Website: https://www.binarly.io
Industry: Computer and Network Security
Company size: 11-50 employees
Headquarters: Santa Monica, California
Type: Privately Held
Founded: 2021
Specialties: Software Supply Chain Security, Firmware Security, UEFI Firmware, Reachability Analysis, and Security Research

Locations

  • Primary

    2450 Colorado Avenue

    Suite 100

    Santa Monica, California 90404, US

Updates

  • This year was an absolute triumph for Binarly! We made significant strides in software supply chain security for our customers, delivering solutions that resulted in a four-fold increase in revenue compared to the previous year. We also welcomed new, remarkable customers such as Meta and Cisco, and have grown our existing customer base — including Dell Technologies, Framework, and OnLogic — all strong signals for the entire market. ✨Let’s review some significant milestones for Binarly in 2024!

    ✨Binarly Key Milestones in 2024


  • BINARLY reposted this

    Alex Matrosov

    🔬Building AI to Secure Software Supply Chain

    One significant challenge the industry faces with many security solutions on the market is that they often follow hype rather than address genuine customer pain points. From the very beginning at BINARLY, we made a conscious decision to focus on solving the software assets visibility problem to provide enterprises with a clearer understanding of their software supply chain. That’s precisely why our product, Transparency Platform, has been a cornerstone of our efforts since its initial public release in early 2023.

    One of the blind spots with many solutions on the market is not only the ability to identify direct relationships between components by extracting data from package managers, but also the need to delve deeper into the transitive dependencies, including statically linked components. Unfortunately, many of the available solutions struggle with this capability. The primary reason for this is that statically linked code lacks any information about these components beyond the code itself. To address this challenge, we require a powerful code analysis framework that operates at the binary level.

    To demonstrate the capabilities of Transparency Platform, I conducted a scan using the most recent firmware for the Kotron IIoT K3841-Q1 device (firmware), Ubiquiti UniFi OS for Enterprise Fortress Gateway (host OS), and UniFi U7 Pro Wall Wireless Access Point (firmware). The Kotron IIoT device, which we had previously scanned and found to contain known high-impact vulnerabilities, was also vulnerable to statically linked components that had not been updated for an extended period. Moreover, these vulnerabilities were present in firmware updates that were migrating from one version to another. However, what truly surprised me was the scan results from Ubiquiti’s most recent firmware release in late December 2024 and subsequent UniFi OS updates. We discovered hundreds of vulnerable dependencies that had available fixes.

    Additionally, Ubiquiti access points have been consistently under active attacks from multiple state-sponsored groups throughout the entire year. I recently highlighted issues with devices from TP-Link, but honestly, I don’t see a significant difference between TP-Link and Ubiquiti, which is quite a surprising revelation. Moreover, Ubiquiti has a more complex software stack that exposes far more potential attack surfaces.

    Let’s revisit my previous thoughts. We truly need more compliance and visibility on these devices, which form the foundation of network infrastructure. Unfortunately, the current state poses a significant operational risk. Threat-sponsored attackers could disrupt the business or exfiltrate data, which is not an ephemeral risk and unfortunately, it’s happening daily. The time to take action is now!

  • Merry Christmas from Binarly!🎄 🌟As we gather with loved ones to celebrate the holiday season, we're reminded of the importance of building secure, lasting connections -- both in our lives and in the supply chains that power our world. 🌟This year, we've made great strides in helping the world move toward less legacy code, fewer vulnerable dependencies, and a simplified, more secure supply chain. Together, we've worked to protect the foundation of modern technology, ensuring it remains resilient and trustworthy for all. 🌟To our customers, partners, and friends: Thank you for joining us on this journey. Your trust and collaboration drive us to push the boundaries of security innovation every day. 🌟Here’s to a bright 2025 filled with stronger connections, safer systems, and continued success! 🌟Stay secure. Stay merry. Stay gnarly. And let’s build a future where supply chains are as seamless as this holiday cheer! The Binarly family 🤙

  • BINARLY reposted this

    Alex Matrosov

    🔬Building AI to Secure Software Supply Chain

    At the early stages of a startup, especially when most of the company is remote, culture becomes a crucial component of success. It’s critical to find people with the right mindset when they focus on making a genuine impact on the industry, focusing on groundbreaking innovations, and tackling challenging problems. This is all about BINARLY and the people involved. Thank you all for another incredible year of success! “The people who are crazy enough to think they can change the world are the ones who do.” — Steve Jobs

  • BINARLY reposted this

    At Cisco, we continuously seek out innovative startups with revolutionary solutions. These companies introduce cutting-edge technology that enhances our products, ensuring our customers have access to top-tier tools that maintain their competitive edge and uncover new business opportunities. Take a look at our portfolio companies in the December Startup Snapshot.👇 ▪️ Aisera ▪️ Aliro ▪️ AppOmni ▪️ Aviz Networks ▪️ BINARLY ▪️ Corellium ▪️ Fiddler AI ▪️ HYCU, Inc. ▪️ JupiterOne ▪️ Lightbits Labs ▪️ Lightning AI ▪️ SGNL ▪️ Securiti ▪️ Theta Lake ▪️ Uniphore ▪️ Upstream Security ▪️ VISO TRUST 🔗 https://hubs.ly/Q0305Yk60 #CiscoInvests

  • BINARLY reposted this

    Alex Matrosov

    🔬Building AI to Secure Software Supply Chain

    I checked the latest firmware for the portable TP-Link TL-WR1502X AX1500 Wi-Fi 6 Router. The shocking truth is that such products should be banned from the market since they are essentially backdoors into any network. However, the problem is that all SOHO vendors are the same, and without compliance pressure, nothing will change.

  • HP Wolf Security’s new study makes it clear: platform security gaps across the entire device lifecycle are a critical but overlooked problem. From supplier audits to firmware neglect to end-of-life device disposal, these weaknesses expose organizations to risks they can’t see—and often can’t fix (source: https://lnkd.in/g_Dp5djn). Let’s break it down:

    ➡️ Supplier Failures -- The data is alarming: 34% of organizations say a supplier failed a cybersecurity audit in the last 5 years. 18% terminated contracts because the failure was too severe. 60% report that lack of IT and security involvement in procurement decisions puts the business at risk. Blind trust in suppliers doesn’t cut it anymore. Binarly’s Transparency Platform removes the guesswork by delivering evidence-based firmware security—from supplier validation to real-time risk detection. It’s time to stop trusting and start verifying.

    ➡️ BIOS & Firmware Neglect - Firmware remains one of the weakest links in enterprise security: Over 50% of IT leaders say BIOS passwords are shared or too weak. 53% rarely change BIOS passwords over the device’s lifetime. 57% admit they suffer from FOMU—Fear of Making Updates -- leaving systems vulnerable. Firmware vulnerabilities are a major weak spot and give attackers persistent, low-level control over devices. Binarly identifies and eliminates these risks before attackers can exploit them, closing one of the biggest gaps in endpoint security.

    ➡️ Lost & Stolen Devices - Lost or stolen devices cost organizations $8.6 billion annually. Shockingly, it takes the average employee 25 hours to notify IT about a missing device. What happens in the meantime? Sensitive data and firmware vulnerabilities are ripe for exploitation. Binarly ensures devices remain protected—whether active, stolen, or decommissioned—by securing them at the firmware level.

    The bottom line: HP’s report underscores a global platform security crisis. Firmware vulnerabilities are not just overlooked—they’re often invisible. But ignoring these risks can cost organizations billions. Binarly’s supply chain security solutions eliminate these risks where they begin: deep in the firmware. From supplier audits to device decommissioning, we deliver the transparency and resilience businesses need to secure their endpoints across the entire lifecycle.

    Stop relying on blind trust. Secure your supply chain with Binarly Transparency Platform. ⚙️ Try it yourself: https://risk.binarly.io #supplychainsecurity #firmware #cybersecurity #bios #passwords #platformsecurity

    Binary Risk Hunt

    risk.binarly.io

Funding

BINARLY 2 total rounds

Last Round

Seed

US$ 10.5M
