New binary analysis tool for license compliance audits released
My friends at Loohuis Consulting and Opendawn have just announced the first public release of their novel binary analysis tool.
This is a modular (python) framework facilitating the audit of compiled object code. Using it, you can analyze executable code (programs/libraries) or entire filesystem images or even complete firmware images and search it for strings, symbol tables and the like. Using a corresponding knowledge base, it can match this information against information derived from software source code and thus give some indication of whether a particular source code seems to have been used to create the binary.
It doesn't do actual instruction-level analysis or any of that sort, but it can help to automatize some of the steps that a license compliance engineer so far had to do entirely manually.
Let's hope this is a successful launch and that the project will find contributors to grow beyond the initial feature-set.
Thanks to the nlnet foundation and the Linux Foundation for sponsoring this project. I'm sure it will soon become a vital tool in compliance engineering.