Memory Protection for Embedded Software, RunSafe Security Platform, RunSafe Security

Additional Info

Company: RunSafe Security
Website: runsafesecurity.com
Company size (employees): 10 to 49
Headquarters Region: North America

Overview

RunSafe integrates its technology into the software build process to provide runtime protection. During this process, it generates a comprehensive Software Bill of Materials (SBOM), identifying all components and vulnerabilities within a software package. RunSafe not only resolves existing vulnerabilities but also reduces exposure to future zero-day threats by automating the remediation of 1st party, 3rd party proprietary, and open-source code. This is done seamlessly within the developer’s CI tool, like GitLab or GitHub, without impacting performance.

RunSafe’s unique load-time function randomization technology shifts the memory location of software functions each time they load, preventing attackers from creating reliable exploits. This approach offers protection against over 70% of vulnerabilities, significantly reducing attack surfaces while improving operational efficiency.

RunSafe automates patching, alerts customers when they are protected from newly disclosed vulnerabilities, and allows developers to focus on feature development instead of security maintenance. The solution requires no code rewrites, does not change system behavior, and avoids adding software agents to devices. It introduces no impact on system overhead while ensuring randomized memory layout at load time without runtime changes.

Additionally, RunSafe monitors software in real-time, identifying crashes caused by cyberattacks and distinguishing them from those caused by bugs. This dual monitoring enhances code quality while further reducing the attack surface, providing a fully integrated, automated cybersecurity solution for embedded software development.

Key Capabilities / Features

RunSafe offers fully automated memory protection and vulnerability remediation, seamlessly integrating into existing CI tools without affecting performance or requiring code rewrites. Key benefits include comprehensive SBOM generation, reduced attack surfaces, and enhanced security for open-source and proprietary components, allowing developers to focus on innovation.


Past attempts to protect software memory include Address Space Layout Randomization (ASLR) and Control Flow Integrity (CFI). With ASLR, because the protection is simply an offset in memory, a single information leak is easily enough for an attacker's exploit to still succeed. RunSafe randomizes memory at the function level, which is far more granular, so that the randomization is not referential. An information leak may reveal the location of one randomized function, but the attacker still can't find any of the other functions. Our diversity in randomization prevents the exploit from succeeding. Given the average binary contains 228 functions, our diversity achieved from software load to software load is 10^228 on average.
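The difference between a single base offset and per-function shuffling can be seen in a small model. This is an added illustration, not RunSafe's code: the function names, the equal 0x40-byte slots and the base-address range are constructed assumptions; only the count of 228 functions comes from the text above.

```python
import random

# Constructed model: 228 equally sized functions (the page's average count).
# Names, slot size and base range are assumptions for illustration only.
SLOT = 0x40
STATIC = {f"func_{i:03d}": i * SLOT for i in range(228)}

def _random_base(rng):
    return rng.randrange(1, 1 << 16) << 12  # page-aligned load address

def load_base_offset(rng):
    """Conventional ASLR: the whole image slides by one random base."""
    base = _random_base(rng)
    return {name: base + off for name, off in STATIC.items()}

def load_function_shuffled(rng):
    """Function-level randomization: function order is permuted per load."""
    base = _random_base(rng)
    names = list(STATIC)
    rng.shuffle(names)
    return {name: base + i * SLOT for i, name in enumerate(names)}

def recovered_after_leak(layout, leaked):
    """Fraction of the other functions located correctly when one address
    leaks and the static relative offsets are assumed to still hold."""
    implied_base = layout[leaked] - STATIC[leaked]
    others = [n for n in layout if n != leaked]
    hits = sum(layout[n] == implied_base + STATIC[n] for n in others)
    return hits / len(others)

def compare(loads=200, seed=1):
    """Average recovery over many loads for both schemes."""
    rng = random.Random(seed)
    aslr = shuffled = 0.0
    for _ in range(loads):
        aslr += recovered_after_leak(load_base_offset(rng), "func_000")
        shuffled += recovered_after_leak(load_function_shuffled(rng), "func_000")
    return aslr / loads, shuffled / loads

if __name__ == "__main__":
    a, s = compare()
    print(f"base-offset ASLR: {a:.1%} of other functions located from one leak")
    print(f"function shuffle: {s:.1%} of other functions located from one leak")
```

In this model a leak under base-offset ASLR always locates every other function, while under shuffling only chance coincidences line up.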


RunSafe has substantial advantages in both deployment costs and performance. RunSafe is an automated tool that does not require any knowledge of the control flow before applying our protections, whereas CFI requires analysis of the full control flow graph and extensive testing before its protections can be applied; otherwise it runs the risk of breaking the functionality and causing the code to crash. Additionally, because a full control flow graph with CFI could add 10-20% overhead, most CFI systems optimize which guard rails get added to reduce the hit to system performance. This leaves aspects of memory unprotected because of performance trade-offs. With RunSafe, no prior knowledge is needed and no optimizations are required to improve system performance. Our overhead remains less than 1%.


How we are different

We automate the generation of SBOMs, identify vulnerabilities and score attack surface reduction, automate remediation, and capture software crashes to identify bugs or attacks. We do this all from open source to in-house code to runtime, with a feedback loop. Our platform is extensible beyond our core protections around memory-safe languages, and we expect to continue to add value in an automated fashion with our unique methods of disrupting hacker economics.


Fully Automated Security and Remediation: Unlike competitors such as Karamba and Sternum, RunSafe offers a fully automated process that integrates seamlessly into existing CI tools like GitLab or GitHub. This automation allows for continuous security at build time without disrupting development workflows or requiring manual intervention, saving developers time and ensuring that security doesn't slow down new feature development.


No Impact on System Performance or Code Rewrites: RunSafe provides memory protection without impacting system performance or requiring code rewrites, which is a distinct advantage over competitors like Morphisec and Red Balloon. By relocating software functions in memory at load time, RunSafe mitigates memory-based vulnerabilities without altering system behavior or introducing runtime changes, making it more efficient than solutions that require performance compromises.


Comprehensive SBOM Generation and Remediation: RunSafe stands out against SBOM-focused competitors like Snyk and Synopsys by not only generating a complete SBOM at build time but also automating the remediation process. Unlike these competitors, who often miss dependencies and require manual updates to open-source software, RunSafe builds SBOMs with perfect information and automates the entire remediation process, eliminating vulnerabilities without developer intervention.

