
Quesma's New Tool Lets Companies See Inside the Software They Buy

When a company buys commercial software, it operates largely on trust. The assumption is that the vendor has secured its product and cleared all legal hurdles. But what if that expensive, closed-source binary contains hidden, vulnerable open-source parts? Database middleware firm Quesma has introduced a free tool designed to answer that very question.

The tool, called BinaryAudit, performs a Software Composition Analysis directly on compiled software binaries. Users upload a file through a web interface, and the tool generates a report listing the open-source components found inside, along with any known security vulnerabilities and their licensing terms. This process requires no access to the underlying source code, offering a rare window into the makeup of black-box software.

For procurement and security teams, this addresses a critical asymmetry. Buyers have historically had to accept a vendor's word about what their software contains. BinaryAudit allows for independent verification. This capability is arriving as global regulations, like the EU's forthcoming Cyber Resilience Act, push for greater software transparency through mandates like Software Bills of Materials (SBOMs). While vendor-provided SBOMs are a step forward, tools like BinaryAudit enable buyers to check the facts themselves.

Quesma, known for helping businesses migrate between database systems, developed BinaryAudit after facing similar scrutiny challenges internally. The company is offering it free of charge, positioning it as a practical resource for risk assessment before purchase or deployment. While binary analysis is technically complex and can have limitations, the tool's accessibility makes basic due diligence feasible for organizations that previously had none. Its presence signals a market moving from blind trust toward evidence-based assurance.

Source: Webpronews