Open Source Due-Diligence: BinaryAnalysis
The Binary Analysis Tool – created by Loohuis Consulting and Opendawn, sponsored by the NLnet foundation and supported by the Linux Foundation – automates some compliance engineering tasks using a method designed to find license violations in embedded devices.
Open source due-diligence is complicated, and the Binary Analysis Tool doesn't replace its proprietary alternatives, but it might be extended by building a customized knowledge base. At the moment the tool supports:
- Automated extraction of the version and configuration of BusyBox
- Extraction of file systems
- Automated checking for the Linux kernel
- Brute force scanning of firmware