> ## Documentation Index
> Fetch the complete documentation index at: https://docs.binarly.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Glossary

This section defines key technical terms used throughout the Binarly Transparency Platform documentation, with practical examples to demonstrate their application.

**Algorithm Compliance**

* Definition: The classification of a detected cryptographic algorithm as current, deprecated, weak, or quantum-vulnerable. Active compliance reporting is scoped to NIST IR 8547 (post-quantum cryptography); weak and deprecated classifications are informational, derived from industry consensus.

* Example: The platform flags an MD5 hash function as deprecated and an RSA signing key as quantum-vulnerable, providing compliance context alongside each finding.

**API (Application Programming Interface)**

* Definition: A set of endpoints and tools allowing external applications or systems to communicate programmatically with the Binarly Transparency Platform.

* Example: A development team uses the API to automate binary uploads and fetch vulnerability results within their CI/CD pipeline, reducing manual efforts and ensuring timely security assessments.

**Binary Image**

* Definition: A machine-readable file representing compiled firmware, software, or containerized environments. The platform analyzes binary images to detect vulnerabilities, misconfigurations, and malicious code.

* Example: A firmware engineer uploads a .bin file for a router to the platform, which scans and identifies a critical vulnerability in a specific module.

**CBOM (Cryptographic Bill of Materials)**

* Definition: A structured inventory of all cryptographic materials - algorithms, protocols, certificates, and keys - discovered within a scanned binary image, exported in CycloneDX JSON format.

* Example: After scanning a firmware image, the platform generates a CBOM documenting every cryptographic algorithm and certificate found across all components, enabling a compliance review against NIST standards.

**CI/CD (Continuous Integration/Continuous Delivery)**

* Definition: A software development practice that automates code integration, testing, and delivery. Integrating the Binarly Platform into a CI/CD pipeline ensures security scans occur automatically with each software build.

* Example: A development team configures Jenkins to upload compiled binaries to the platform, enabling automated vulnerability scans before deployment.

**Cryptographic Material**

* Definition: Algorithms, protocols, certificates, and cryptographic keys detected within a binary image during static analysis. The Binarly Transparency Platform surfaces these as a dedicated finding type in the Cryptographic Materials tab.

* Example: A scan of a router firmware image reveals embedded RSA-1024 keys, an expired X.509 certificate, and usage of MD5 - all cataloged as cryptographic material findings.

**CycloneDX**

* Definition: A standardized, lightweight bill-of-materials format for software security and supply chain transparency. Originally an SBOM (Software Bill of Materials) format, CycloneDX also defines the representation the platform uses for its CBOM export, so one format carries both the software components and the cryptographic inventory of a scanned image.

* Example: After analyzing a firmware image, the platform generates a CycloneDX SBOM to document all software components. This enables the enterprise to track vulnerabilities in specific libraries.

**Dependency Analysis**

* Definition: Identifying and analyzing software components, including direct and transitive dependencies, to detect vulnerabilities or risks.

* Example: A supply chain manager uses the platform to identify hidden dependencies in IoT device firmware that were not declared in the vendor-provided SBOM.

**Firmware**

* Definition: Low-level software that provides essential functionality for hardware devices, such as servers, routers, and IoT systems. Firmware operates as the interface between hardware and higher-level software.

* Example: Using the platform, a security analyst scans a server’s BIOS firmware and identifies configuration weaknesses that could allow unauthorized bootloader access.

**GUID (Globally Unique Identifier)**

* Definition: A 128-bit identifier that references a specific firmware module or component within a binary image. In UEFI firmware every module stored in a firmware volume carries its own file GUID, which is how scan results name the affected module independently of its human-readable name.

* Example: When reviewing scan results, an analyst uses the GUID to pinpoint the firmware module containing a high-severity vulnerability.

**Malicious Code Detection**

* Definition: Identifying harmful or suspicious code embedded within binaries, such as malicious hooks, implants, or known threats.

* Example: The platform detects malicious implants hidden in a UEFI firmware image, highlighting the code’s location and functionality for immediate investigation.

**Mitigation Failure**

* Definition: A condition where a general coding best practice or compiler-provided exploit mitigation has not been applied, or Secure by Design principles have not been implemented in the binary. A mitigation failure is not a vulnerability by itself; it lowers the cost of exploiting one.

* Example: A firmware scan reveals that many functions in the binary were built without stack canaries or control-flow integrity protection.

**NIST IR 8547**

* Definition: NIST Interagency Report 8547, "Transition to Post-Quantum Cryptography Standards" (initial public draft, November 2024), which defines the timeline and recommendations for moving from quantum-vulnerable cryptographic algorithms (such as RSA, ECDSA and ECDH) to the post-quantum standards. The draft schedule deprecates quantum-vulnerable algorithms at 112-bit security strength after 2030 and disallows them, at all strengths, after 2035.

* Example: The platform's PQC Compliance Report references NIST IR 8547 to flag quantum-vulnerable algorithm usage and provide migration guidance aligned to short, mid, and long-term transition timelines.

**PQC (Post-Quantum Cryptography)**

* Definition: Cryptographic algorithms designed to remain secure against attacks by large-scale quantum computers, which break RSA, Diffie-Hellman and elliptic-curve schemes such as ECDSA via Shor's algorithm. In August 2024 NIST finalized FIPS 203 (ML-KEM, from CRYSTALS-Kyber) for key encapsulation and FIPS 204 (ML-DSA, from CRYSTALS-Dilithium) and FIPS 205 (SLH-DSA, from SPHINCS+) for digital signatures as the replacements.

* Example: A security team uses the platform's PQC Compliance Report to identify all instances of quantum-vulnerable RSA and ECDSA usage in firmware and plan migration to ML-DSA per NIST IR 8547 guidance.
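The classification described under Algorithm Compliance, CBOM, CycloneDX, Cryptographic Material and PQC above, as an added example that is not the platform's own code: it walks the `cryptographic-asset` components of a CycloneDX 1.6 CBOM and labels each algorithm and certificate as current, deprecated, weak or quantum-vulnerable. The page states only that the CBOM export is CycloneDX JSON, so the sample document, the algorithm family lists and the RSA-2048 minimum below are constructed or assumed here.

```python
import json
from datetime import datetime

# Constructed sample in the CycloneDX 1.6 'cryptographic-asset' shape; NOT a real platform export.
SAMPLE_CBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {"type": "cryptographic-asset", "name": "RSA-1024", "bom-ref": "crypto/algorithm/rsa-1024",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {"primitive": "signature",
                                                      "parameterSetIdentifier": "1024"}}},
        {"type": "cryptographic-asset", "name": "MD5", "bom-ref": "crypto/algorithm/md5",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {"primitive": "hash"}}},
        {"type": "cryptographic-asset", "name": "AES-256-GCM", "bom-ref": "crypto/algorithm/aes-256-gcm",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {"primitive": "ae", "parameterSetIdentifier": "256"}}},
        {"type": "cryptographic-asset", "name": "ML-DSA-65", "bom-ref": "crypto/algorithm/ml-dsa-65",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {"primitive": "signature"}}},
        {"type": "cryptographic-asset", "name": "update-signing-cert", "bom-ref": "crypto/certificate/update-signing",
         "cryptoProperties": {"assetType": "certificate",
                              "certificateProperties": {"notValidAfter": "2023-06-30T00:00:00Z",
                                                        "signatureAlgorithmRef": "crypto/algorithm/rsa-1024"}}},
    ],
})

# Assumed family lists. Shor's algorithm breaks every family in QUANTUM_VULNERABLE, the set
# NIST IR 8547 schedules for retirement; DEPRECATED follows industry consensus (informational).
PQC = ("ml-kem", "ml-dsa", "slh-dsa")
QUANTUM_VULNERABLE = ("rsa", "ecdsa", "ecdh", "eddsa", "ed25519", "dsa", "dh")
DEPRECATED = ("md5", "sha1", "sha-1", "des", "3des", "rc4")
IR8547_NOTE = "NIST IR 8547: deprecated after 2030 (112-bit strength), disallowed after 2035"

def family_of(name):
    """'RSA-1024' -> 'rsa', 'ML-DSA-65' -> 'ml-dsa'. PQC prefixes are tested first so
    'ml-dsa' is never mistaken for 'dsa'."""
    n = name.lower()
    for fam in PQC + QUANTUM_VULNERABLE + DEPRECATED:
        if n.startswith(fam):
            return fam
    return n.split("-")[0]

def classify_algorithm(comp):
    """Compliance labels for one algorithm asset ('current' when none apply)."""
    props = comp["cryptoProperties"].get("algorithmProperties", {})
    fam = family_of(comp["name"])
    labels = []
    if fam in QUANTUM_VULNERABLE:
        labels.append("quantum-vulnerable")
    if fam in DEPRECATED:
        labels.append("deprecated")
    bits = props.get("parameterSetIdentifier", "")
    if fam == "rsa" and bits.isdigit() and int(bits) < 2048:
        labels.append("weak")  # below the SP 800-131A minimum modulus for new signatures
    return labels or ["current"]

def _parse_time(iso):
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

def classify_certificate(comp, now, algo_labels):
    """Expiry check plus the labels inherited from the certificate's signing algorithm."""
    props = comp["cryptoProperties"].get("certificateProperties", {})
    labels = []
    expiry = props.get("notValidAfter")
    if expiry and _parse_time(expiry) < now:
        labels.append("expired")
    for label in algo_labels.get(props.get("signatureAlgorithmRef"), []):
        if label != "current":
            labels.append(label)
    return labels or ["current"]

def compliance_report(cbom_json, now_iso):
    """{bom-ref: [labels]} for every cryptographic asset in a CycloneDX JSON CBOM.
    now_iso is injected so the expiry check is reproducible."""
    now = _parse_time(now_iso)
    assets = [c for c in json.loads(cbom_json).get("components", [])
              if c.get("type") == "cryptographic-asset"]
    report = {}
    # Algorithms first so certificates can inherit their labels.
    for c in assets:
        if c["cryptoProperties"]["assetType"] == "algorithm":
            report[c["bom-ref"]] = classify_algorithm(c)
    for c in assets:
        if c["cryptoProperties"]["assetType"] == "certificate":
            report[c["bom-ref"]] = classify_certificate(c, now, report)
    return report

if __name__ == "__main__":
    for ref, labels in compliance_report(SAMPLE_CBOM, "2025-01-01T00:00:00Z").items():
        note = f"  ({IR8547_NOTE})" if "quantum-vulnerable" in labels else ""
        print(f"{ref}: {', '.join(labels)}{note}")
```

A certificate inherits the labels of its signing algorithm through `signatureAlgorithmRef`, which is why the expired update-signing certificate above also reports as quantum-vulnerable and weak: replacing the certificate without replacing the RSA-1024 key it chains to would not close the finding. Labels are cumulative rather than exclusive because a single asset can fall into several classes at once.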

**SBOM (Software Bill of Materials)**

* Definition: A detailed inventory of software components, libraries, and dependencies within a binary image. SBOMs enable organizations to understand the software composition of deployed packages within their environment.

* Example: The platform generates an SBOM for a scanned firmware image, enabling the organization to verify all components and cross-check for vulnerable versions.

**SPDX (Software Package Data Exchange)**

* Definition: An open standard format for creating and sharing SBOMs, enabling consistent documentation of software components and their metadata.

* Example: After analyzing a firmware binary, the platform exports an SPDX-formatted SBOM that can be used in compliance reports.

**Stack Canary**

* Definition: A compiler-inserted mitigation that detects stack buffer overflows before they can be exploited. At function entry a secret canary value is written between the function's local buffers and its saved control data (return address and saved frame pointer); before the function returns, the value is compared against the original and the process aborts if it has changed. The canary only catches contiguous overwrites that pass through it: a write that skips the slot, or an attacker who has already leaked the canary value, is not detected.

* Example: In the function epilogue the compiled code compares the canary on the stack with the reference copy. If the value has been altered, the program terminates instead of returning to an attacker-controlled address.
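A model of the check described above, covering both the Stack Canary entry and the "built without stack canaries" condition under Mitigation Failure. This is an added example, not the page's or the platform's code: the frame layout, the canary value and the return address are constructed, and the copy routine stands in for the compiler-inserted prologue and epilogue. It shows a benign call, a blind overflow being caught, the bypass when the canary has leaked, and why the canary's leading NUL byte blunts string-style copies.

```python
import struct

BUF_LEN, CANARY_LEN, RET_LEN = 16, 8, 8
FRAME_LEN = BUF_LEN + CANARY_LEN + RET_LEN

# Constructed values. A real canary is drawn at random per process; its lowest
# byte is 0x00 so that, stored little-endian, the first canary byte in memory
# is a NUL that stops string-style copies.
CANARY = 0xAB1F3C9D7E52FF00
SAVED_RET = 0x401136   # constructed legitimate return address above the canary

def vulnerable_copy(user_input, string_copy=False, canary=CANARY):
    """Unbounded copy of user_input into a 16-byte stack buffer, then the
    epilogue check the compiler inserts under -fstack-protector.

    Frame layout (low to high addresses): [buf 16][canary 8][saved return 8].
    Returns (canary_intact, return_address). In real code a False result is
    where __stack_chk_fail() aborts instead of returning."""
    frame = bytearray(struct.pack(f"<{BUF_LEN}sQQ", b"\0" * BUF_LEN, canary, SAVED_RET))
    if string_copy:
        # strcpy semantics: copy up to and including the first NUL byte
        user_input = user_input.split(b"\0", 1)[0] + b"\0"
    n = min(len(user_input), FRAME_LEN)   # memcpy semantics: no check against BUF_LEN
    frame[:n] = user_input[:n]
    _, canary_now, ret_now = struct.unpack(f"<{BUF_LEN}sQQ", bytes(frame))
    return canary_now == canary, ret_now

def build_payload(canary_guess, target, padding=BUF_LEN):
    """Attacker payload: filler for the buffer, the bytes that land on the
    canary slot, then the value that lands on the saved return address."""
    return b"A" * padding + struct.pack("<QQ", canary_guess, target)

def demo():
    """Benign input, a blind overflow, an overflow with a leaked canary, and the
    same leaked-canary payload pushed through a string copy."""
    hijack = 0xDEADBEEF
    return {
        "benign":            vulnerable_copy(b"hello"),
        "blind_overflow":    vulnerable_copy(build_payload(0x4141414141414141, hijack)),
        "leaked_canary":     vulnerable_copy(build_payload(CANARY, hijack)),
        "leaked_via_strcpy": vulnerable_copy(build_payload(CANARY, hijack), string_copy=True),
    }

if __name__ == "__main__":
    for case, (intact, ret) in demo().items():
        print(f"{case:18} canary_intact={intact!s:5} return=0x{ret:x}")
```

The third case is the practical limit of the mitigation: once the canary value is known (from an out-of-bounds read or a format-string bug, for instance), the overflow passes the check and the return address is hijacked, so a canary finding should be read together with the information-leak surface of the same binary. The fourth case shows the NUL byte doing its job: a `strcpy`-style copy stops at the first zero byte of the canary slot and never reaches the return address even with the correct guess.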

**Supply Chain Security**

* Definition: The practice of validating software components and ensuring they are free from risks introduced through third-party suppliers.

* Example: An organization uses the platform to validate third-party firmware for IoT sensors, uncovering undocumented components and hidden vulnerabilities.

**Transitive Dependencies**

* Definition: Software components that are not directly included but are brought into a project by other dependencies.

* Example: During analysis, the platform identified a vulnerable transitive dependency within a firmware library not listed in the original SBOM.
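The comparison described under Dependency Analysis, SBOM and Transitive Dependencies, as an added example that is not the platform's code: it takes a vendor-declared CycloneDX SBOM and a CycloneDX SBOM recovered from the image, walks the `dependencies` graph of the recovered one, and reports every component the vendor did not declare, tagged as direct, transitive, or present with no dependency edge at all. Both SBOMs below are constructed; the platform's actual export content is not shown on this page.

```python
import json
from collections import deque

def _c(name, version, ctype="library"):
    """Constructed CycloneDX component; the bom-ref doubles as the name for brevity."""
    return {"type": ctype, "name": name, "version": version, "bom-ref": name,
            "purl": f"pkg:generic/{name}@{version}"}

ROOT = {"type": "firmware", "name": "router-fw", "version": "1.0", "bom-ref": "fw"}

# What the vendor shipped alongside the image (constructed).
DECLARED_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "metadata": {"component": ROOT},
    "components": [_c("busybox", "1.36.1"), _c("openssl", "3.0.9"), _c("dropbear", "2022.83", "application")],
    "dependencies": [{"ref": "fw", "dependsOn": ["busybox", "openssl", "dropbear"]}],
})

# What static analysis of the image recovered (constructed): an older busybox than
# declared, two undeclared libraries, and a binary with no dependency edge.
DISCOVERED_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5", "metadata": {"component": ROOT},
    "components": [_c("busybox", "1.31.1"), _c("openssl", "3.0.9"), _c("dropbear", "2022.83", "application"),
                   _c("libcap", "2.48"), _c("zlib", "1.2.11"), _c("dnsmasq", "2.80", "application")],
    "dependencies": [
        {"ref": "fw", "dependsOn": ["busybox", "openssl", "dropbear", "libcap"]},
        {"ref": "openssl", "dependsOn": ["zlib"]},
        {"ref": "dropbear", "dependsOn": ["zlib"]},
    ],
})

def index_components(bom):
    """bom-ref -> component, covering metadata.component and components[]."""
    idx = {}
    root = bom.get("metadata", {}).get("component")
    if root:
        idx[root["bom-ref"]] = root
    for c in bom.get("components", []):
        idx[c["bom-ref"]] = c
    return idx

def dependency_depths(bom, root_ref):
    """Breadth-first walk of dependencies[]. Returns {ref: (depth, parent_ref)};
    depth 1 is a direct dependency of the root, 2 or more is transitive."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    depths = {root_ref: (0, None)}
    queue = deque([root_ref])
    while queue:
        cur = queue.popleft()
        for child in graph.get(cur, []):
            if child not in depths:          # first discovery wins: shortest path
                depths[child] = (depths[cur][0] + 1, cur)
                queue.append(child)
    return depths

def coordinate(comp):
    """Identity used to match a component across two SBOMs: purl when present,
    otherwise name@version. A version change therefore shows up as undeclared."""
    return comp.get("purl") or f"{comp['name']}@{comp.get('version', '?')}"

def undeclared_components(declared_json, discovered_json):
    """Components recovered from the image that the vendor SBOM does not list, each
    tagged direct / transitive / unreachable (present but with no dependency edge)."""
    declared = json.loads(declared_json)
    discovered = json.loads(discovered_json)
    declared_ids = {coordinate(c) for c in declared.get("components", [])}
    idx = index_components(discovered)
    root_ref = discovered["metadata"]["component"]["bom-ref"]
    depths = dependency_depths(discovered, root_ref)
    findings = []
    for ref, comp in idx.items():
        if ref == root_ref or coordinate(comp) in declared_ids:
            continue
        depth, parent = depths.get(ref, (None, None))
        findings.append({
            "component": coordinate(comp),
            "kind": "transitive" if depth and depth > 1 else "direct" if depth == 1 else "unreachable",
            "via": idx[parent]["name"] if parent else None,
        })
    return sorted(findings, key=lambda f: f["component"])

if __name__ == "__main__":
    for f in undeclared_components(DECLARED_SBOM, DISCOVERED_SBOM):
        print(f"{f['kind']:11} {f['component']}" + (f"  (via {f['via']})" if f["via"] else ""))
```

Matching on the purl rather than the bare name is deliberate: the declared busybox 1.36.1 and the recovered busybox 1.31.1 are different artifacts with different CVE exposure, so a name-only match would hide exactly the version drift a supply chain review is looking for. An "unreachable" result means the binary is in the image but nothing in the recovered dependency graph links it to the root; treat it as a gap in the graph to investigate, not as proof the component is unused.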

**UEFI (Unified Extensible Firmware Interface)**

* Definition: A modern firmware standard that replaces the legacy BIOS, providing advanced boot capabilities and security features.

* Example: The platform scans UEFI firmware and detects a memory corruption vulnerability in an SMM (System Management Mode) handler, requiring immediate remediation.

**Vulnerability Analysis**

* Definition: The process of detecting, classifying, and assessing security weaknesses within binary images based on severity and potential impact.

* Example: A firmware scan reports vulnerabilities with detailed CVSS scores, descriptions, and remediation guidance, allowing engineers to prioritize fixes.

**Zero-Day Vulnerability**

* Definition: A security flaw that is unknown to the vendor and for which no patch yet exists, leaving every deployed instance exploitable until the flaw is discovered and fixed.

* Example: The platform detects an unknown vulnerability in an IoT firmware module, enabling the security team to address it before exploitation occurs.
