Open Source Due-Diligence: BinaryAnalysis

The Binary Analysis Tool, created by Loohuis Consulting and Opendawn, sponsored by the NLnet Foundation and supported by the Linux Foundation, automates some compliance engineering tasks using a method designed to find license violations in embedded devices.

Open source due diligence is complicated, and the Binary Analysis Tool doesn’t replace its proprietary alternatives, but it might be extended by building a customized knowledge base. At the moment the tool supports:

  • Automated extraction of the version and configuration of BusyBox
  • Extraction of file systems
  • Automated checking for the Linux kernel
  • Brute force scanning of firmware