Back to the articles
Product Update #4
I am kind of behind on these product updates. We were releasing minor features and fixes during the past few weeks, but nothing to warrant a blog post on its own. This week, however, we have launched our PDF report generation feature, so we will do a bit of a catch-up with the rest of the changes as well.
PDF report generation
There is a strong expectation that security tools should generate long PDF reports that can be archived as evidence or shared with stakeholders. While we have had report sharing via links as a feature for a while now, it is not quite the same thing. We designed our report generation feature not only to be an alternative representation of our online report, but as a versioned snapshot of the findings and all the evidence we could gather to support them.
The generated report has two main sections:
- In the Findings section, we list all zero-day vulnerabilities found by PRIS™ and any other security relevant findings that are related to the firmware image itself.
- The Dependencies section shows the third party dependencies we could identify, as well as their known vulnerabilities.
The exact contents of the report could still be considered beta - we will continue to add more content and fine-tune the presentation of findings in the coming months.
One more chart
A newcomer to the report Overview page, the Scripting languages chart shows at a glance the scripting technologies used by the firmware image. Only the chart made it to this release, but rest assured we are working on giving more insight on the scripts themselves.
Localized date and time display
We used to display all dates and times in UTC using the US date format. That's fine, but we wanted to do better. Now when you first log in, your system's locale and time zone is tied to your account, and is used whenever dates and times are displayed. You can change these settings on your profile page.
- Fixed extraction of firmware images where mount points were detected on non-empty directories
- PRIS™ now fails less frequently when encountering invalid or extremely large binaries
- Improved type inference for variadic arguments in decompiled code fragments
- Pagination for Scans, Products and Projects now works, even if you have a lot of them
Expect another product update in 7 to 180 days. In the meantime, PDF reporting is available for a limited time even in our Free Plan - until the end of July, to be precise. So give it a whirl! Marketing tells me there is some sort of special offer going on, so be sure to check that out as well.