Framework makes sustainable electronics that are built to last. In thi video, Kieran Levin, lead system architect at Framework describes how their partnership with Binarly allows them to audit and validate their firmware and software supply chain across ODM and IBV vendors.
My name is Kieran Levin. I'm the lead system architect at Framework Computer. We're a startup based in San Francisco and we build modular and upgradeable laptops and other devices.
The purpose of our company is to make sustainable electronics. Our company's been growing a lot over the last year.
And this brings a bunch of unique and exciting upgradeable experiences to our product line.
Firmware security is really important for us because we are shipping a long-lived product that we want to last and be usable for many years in the future. That means being able to provide security updates for our product and understand that existing products that we ship are secure or are vulnerable to newly discovered vulnerabilities that are coming out. Another part is, as we're growing our company, we want to be able to serve different business-to-business customers that may have more requirements around firmware security for our products. And being able to use Binarly to do some of these auditing steps is going to allow us to provide a stronger firmware security policy around our products that can show us the best of the best of the best. We're creating a firmware security policy that can show our customers that our products are secure and that they can depend on what we're selling both today and as they use their product in the future after they purchase it.
We actually met Binarly when we started shipping our first product and we wanted to have first class Linux support on our product. So we integrated our firmware releases into the firmware update service or LVFS. So from there, we had an introduction to Binarly and we've started working with the team ever since.
As we've continued that relationship, we started using the Binarly vulnerability scanner to scan and track vulnerabilities in our products. And that's allowed us to identify those vulnerabilities and then work with our vendors to fix them. And this has been really great because it gives us a lot of visibility into our firmware supply chain. And because of that, we're actually able to deeply look into those binaries, find vulnerabilities through the firmware supply chain, which for us is not just a single vendor. We get components from our ODM, which is doing the final build of our BIOSes. It's also finding vulnerabilities in the IBV vendor, the BIOS vendor that's providing sort of the core functionality for a platform. And it's also allowing us to find vulnerabilities that may come from other sources like third party libraries or the SOC vendor as well that we can start looking at and trying to patch, which is really exciting for us because without having this information and deep knowledge, it's super hard to even pinpoint or know that a vulnerability exists in our firmware.
When we first started using Binarly two years ago, it was great because we knew that a vulnerability existed. And today we can actually see that there's a vulnerability. We know where the vulnerability is and what module and even potentially what line of code the vulnerability is at with the addition of symbol debugging and things like that. And it just looks incredible in terms of the ability to be able to very quickly find the vulnerability, understand exactly where it is, what it is, and how to fix it.
Are you interested in learning more about The Binarly Transparency Platform? Don't hesitate to contact us.