Start-up finds and fixes IoT vulnerabilities

  • March 29, 2023
  • Steve Rogerson

Virginia-based cyber-security start-up OP[4] launched this month with over $2m in initial seed funding secured through a combination of product sales and private investment.

Its security platform is designed to find and fix N-Day and 0-Day vulnerabilities in IoT devices and embedded systems automatically. The offering is based on technology originally developed for Darpa and productised via AFWerx.

Already delivering the software-as-a-service product to the US government, the company is preparing to release industry-specific versions for consumer IoT, aerospace and defence, and telecommunications markets this spring. These will support the White House’s national cyber-security IoT labelling initiative launching later this year.

“As IoT devices become increasingly prevalent, we aim to provide the commercial sector with the same level of protection and privacy as nation states,” said OP[4] co-founder and CEO Irby Thompson. “Our technology empowers device manufacturers, integrators and critical infrastructure operators to create safer, more reliable products faster and more cost-effectively than ever before.”

The power of OP[4]’s platform lies in its ability to simulate a running device, allowing it to differentiate between active and inactive code and assess risk at the binary level. The fully automated system continuously and accurately detects, isolates, validates, classifies, prioritises and remediates N-Day and 0-Day vulnerabilities. This enables product development teams to concentrate first on addressing mission-critical vulnerabilities across their entire software supply chain, reducing risk and enhancing time to market.

“Traditional security analysis tools generate an overwhelming list of software defects, but few of these are actually exploitable by attackers,” said OP[4] co-founder and CTO Scott Lee. “OP[4] puts the developer experience first by continuously providing targeted vulnerability insights and prioritisation of risks throughout the product development cycle when they can be most efficiently addressed, while also offering unprecedented visibility into the software supply chain. It is our goal to work alongside our customers to enable them to ship more secure products on time and within budget.”

OP[4]’s system is a product of the founders’ experience in software security. Lee, an expert in binary analysis, previously served as chief technology officer of firmware risk analysis platform Finite State. Thompson, former vice president of product security at embedded software provider Wind River, sold two previous software security start-ups – Pikewerks sold to Raytheon in 2011, and Star Lab sold to Wind River in 2020.

Founded in 2022 and headquartered in Chantilly, Virginia, OP[4] uses technology created through Darpa and productised via AFWerx for US national defence. Its automated platform simulates a running device to distinguish between active and inactive code, analysing risk at the binary code level, and filtering out noise to detect, validate, prioritise and remediate exploitable N-Day and 0-Day vulnerabilities.