San Diego, Calif. – May 24, 2024 – ObjectSecurity, a leader in solving complex, evolving defense and industrial cybersecurity and supply chain risk challenges, today announced that it has been awarded a contract option [2] in 12/2023 for a Small Business Innovation Research (SBIR) contract from the Defense Advanced Research Projects Agency (DARPA).

Based on the original solicitation entitled, “Third Party Verification of COTS Compliance with Requirements” [1], the focus of the Phase II SBIR is to “develop and test lightweight techniques by which third parties can conduct rapid post-market product verification and validation of vendor software compliance with usage requirements”. As stated in the solicitation, the solution should – “identify vulnerabilities and defects in the software and firmware of high-risk, cyber-physical systems such as an unmanned sensor, unmanned ground vehicles, Internet of Things (IoT) devices, or medical devices that have the potential to impact on a national scale. The developed techniques should produce direct evidence that the system under analysis faithfully implements its requirements with some degree of confidence.” [1]

In the “Third Party Verification of COTS Compliance with Requirements (VeriCoR)” project, which started 11/2022, ObjectSecurity LLC aims for successful technology development, DoD fielding and commercialization that will result in addressing requirements assessments and vulnerability research for embedded devices. Since 2022, the project researches and develops “a solution for automated analysis of embedded devices with support for Human-in-the-Loop (HITL) operation”, “with as much automation as possible”. The developed solution includes “a novel Domain Specific Language (DSL) which acts as a bridge between the operator and low-level implementation of instruments performing binary analysis.” [2]

ObjectSecurity LLC will continue to research and develop a number of innovative approaches to binary analysis, including lifting, analysis in static and dynamic analysis, Artificial Intelligence and Machine Learning (AI/ML), and more [2].

“The Option Period award of this Phase II SBIR contract is an important milestone for ObjectSecurity and underscores the strength of our science innovation that underwent rigorous peer review. It allows us to prioritize research efforts into needed features for the DoD and others,” said Ulrich Lang, CEO of ObjectSecurity. “SBIR contracts allow us to research and develop advanced concepts that feed into rapid product development, enabling us to commercialize next-generation innovative products that will bring tremendous value to the military, and our customers across all industries. The VeriCoR effort has already directly fed and will continue to feed into our ObjectSecurity OT.AI™ Platform, which is at Technology Readiness Level (TRL) 9.”

ObjectSecurity OT.AI™ Platform [4] is a binary vulnerability analysis product for embedded systems, which includes ECUs. Most of our solutions leverage state-of-the art approaches such as dynamic analysis, microexecution, rehosting, simulation, Artificial Intelligence and Machine Learning (AI/ML) and more. We are committed to leading this initiative with DARPA to protect COTS devices from adversaries by delivering advanced next-generation security technology solutions.” [3]

“The Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) programs are highly competitive programs that encourage domestic small businesses to engage in Federal Research/Research and Development (R/R&D) with the potential for commercialization. Through a competitive awards-based program, SBIR and STTR enable small businesses to explore their technological potential and provide the incentive to profit from its commercialization. By including qualified small businesses in the nation’s R&D arena, high-tech innovation is stimulated, and the United States gains entrepreneurial spirit as it meets its specific research and development needs.” [3]

About ObjectSecurity

ObjectSecurity LLC is a leader in solving complex, evolving defense and industrial cybersecurity and supply chain risk challenges that threaten national security and production downtime. Our novel research and development are applied to commercial solutions proactively addressing the core source of cyber vulnerabilities and risk – software code and data. Our holistic, proactive approach prevents cyber attacks and disruptive production downtime across industries that support global citizen communities, including military defense, municipal smart cities, public and private transportation, energy, wastewater treatment, power utilities, manufacturing, and the life sciences. For more than 20 years, ObjectSecurity has been delivering cybersecurity and supply chain risk management solutions, including to U.S. defense and federal government agencies. These advanced technologies are now commercially available for government and private sector use. ObjectSecurity is privately-held with headquarters in San Diego, CA, with global representation. [5]

More Information

  1. SBIR Solicitation HR001121S0007-08:
  2. SBIR Award Information:
  3. The SBIR and STR Programs:
  4. ObjectSecurity OT.AI Platform
  5. ObjectSecurity

Media Contact

  • Dan Mathews
  • 1 650 515 3391 (office)
  • Contact

ObjectSecurity OT.AI Platform automates binary reverse engineering and vulnerability analysis. Click here if you are interested to learn more: