
SafeCyber™ Technical Guide and FAQs

Learn about the SafeCyber Platform and its solutions, Maturity Path™ and Binary Check™ from our technical guide and FAQs.


SafeCyber platform

How can I reach out to customer support for assistance?

Once users have registered on SafeCyber and received access to the platform, they can select “Support” on the top-right side of the screen. If they cannot access the platform, they can also contact UL Solutions' technical support team at [email protected].

How can I invite team members to the SafeCyber platform?

The first person in a company to register a SafeCyber account is the de facto company account administrator, who has the ability to invite team members under the same account.

A company administrator can invite other administrators or users either on the Dashboard application or directly on individual solutions such as Maturity Path and Binary Check by navigating to the “Users” tab on the left side and selecting “Invite new user.”

Maturity Path

How is the maturity level scoring done?

As you complete the questionnaire, each question contributes a certain number of points to your maturity score. The spider web diagram displays the results on the selected project page.

Maturity level scoring

Using your answers, the tool calculates a maturity score for each subcategory (e.g., strategy and metrics within governance) and for the overall category (e.g., governance), which comprises three subcategories. This score ranges from 0 to 3 for subcategories and 0 to 9 for the overall category.

Maturity levels and assessment scores are based on the existing Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM) 2.0 framework. The higher your maturity level is rated based on your given answers, the higher the score. The following table demonstrates the calculation per question and subcategory.

Assessment scores (per question)    Maturity levels (per subcategory)
1     Most                          3   Comprehensive mastery at scale
0.5   At least half                 2   Increased efficiency and effectiveness
0.2   Some                          1   Ad hoc provision
0     None                          0   Practice unfulfilled

How are certification readiness scores defined?

Certification readiness scores in Maturity Path are calculated based on an initial mapping of a standard’s clauses with the Maturity assessment questions and answers. This is how a first temporary certification readiness score is defined for available standards.

For the clauses of a standard that would not be met/mapped with the Maturity assessment, we ask additional questions so customers can determine whether they cover all clauses required from a given standard and obtain their final certification readiness score.

Does an evaluator-led assessment provide a verification or certification?

No. Currently, an evaluator-led assessment provides a verified assessment report to the customer, which recaps all customer-provided answers and evidence along with comments made by UL Solutions' evaluator. No UL Marks will be issued as part of this service.

Binary Check

How can I purchase and use Binary Check?

Product security and development teams can self-register on the SafeCyber platform and choose a plan with features based on their needs.

  1. Register on the platform 
  2. Go to the Marketplace tab and select “Learn More” under the Binary Check solution.
  3. Choose your preferred annual subscription plan:
    • Standard
    • Pro
    • Premium
  4. You can also email us at [email protected] to learn more about the benefits of Binary Check.
     
What are the supported architectures, operating systems, and software frameworks?

Supported architectures

  • Intel x86/x64
  • ARM Cortex-M, -A, -R
  • PowerPC, PowerPC VLE
  • NVIDIA AGX Xavier
  • Renesas RH850, V850, SuperH
  • Infineon TriCore
  • MIPS
  • NXP

Supported operating systems

  • Standard Linux distributions
  • Automotive Grade Linux (AGL)
  • Android
  • QNX
  • Windows server and client OSes (XP, 2016, 2019)
  • Windows Mobile
  • NetBSD
  • FreeBSD
  • FreeRTOS
  • Proprietary RTOS
  • RIOT
  • Fuchsia OS
  • OSEK OS
  • VxWorks
  • Containers (Docker save, /var/lib/docker)

Software frameworks

AUTOSAR

What are the supported development languages in SafeCyber’s Binary Check?

  • Assembly
  • BASIC
  • C
  • C++
  • Delphi
  • Go
  • Haskell
  • Java
  • JavaScript
  • Lisp
  • OCaml
  • Objective-C
  • Python
  • Qt
  • Rust
  • Swift

What are the detected software package types in Binary Check?

  • Linux kernel
  • Standard open-source packages
  • Python modules
  • Java packages
  • JavaScript libraries
  • Go Libraries
  • Erlang packages
  • Microsoft .NET packages

What are the supported file systems and disk image file formats?

  • ext2/3/4
  • ISO 9660 / UDF (.iso)
  • JFS, JFFS2, YAFFS
  • Macintosh HFS, APFS, .dmg
  • QNX—EFS, IFS
  • RomFS
  • UBIFS
  • Windows Imaging (WIC)
  • btrfs
  • CramFS
  • DOS MBR
  • minix
  • reiserfs
  • SquashFS

What are the supported compression and archive file formats within a SafeCyber Binary Check project?

  • 7-Zip (.7z)
  • AR archive
  • ARJ (.arj)
  • Base64
  • bzip2 (.bz2)
  • Compress (.Z)
  • cpio (.cpio)
  • DEFLATE
  • Electron archive (.asar)
  • Gzip (.gz)
  • lrzip
  • LZ4 (.lz4)
  • LZH (.lzh)
  • lzip
  • LZMA (.lz)
  • lzop
  • OTF
  • Pack200 (.jar)
  • PLF
  • RAR (.rar)
  • rzip
  • TAR (.tar)
  • UPX (.exe)
  • XAR (.xar)
  • XZ (.xz)
  • ZIP (.zip, .jar, .apk, others)
  • StuffIt
  • Zstandard (.zst)

What are the supported installation file formats?

  • 7z, zip, rar, self-extracting .exe
  • Debian package (.deb)
  • Red Hat RPM (.rpm)
  • Windows installers (.exe, .msi, .cab)

What are the supported firmware file formats?

  • Android OTA file
  • Dahua
  • DJI
  • Intel HEX
  • SREC (SRECORD, S19, S28, S37)
  • ODX
  • U-Boot Ambarella (.a9s, .a9h, romfs)
  • TPLink WR702n image
  • TRX
  • UEFI firmware
  • VBF
  • VxWorks ROS
  • Xerox DLM
  • eMMC dump

What are the supported microcontroller file formats?

  • bin
  • hex
  • s19
  • .s
  • .s1
  • .s2
  • .s3
  • .sx
  • .srec

What are the supported mobile application file formats?

  • Android (boot, sparse image, backup file)
  • Android APK
  • IPA (iOS App Store Package)

How are unknown vulnerabilities detected?

Unknown vulnerabilities are detected based on reverse engineering and dynamic binary code analysis. They are not reported externally and are based on private knowledge.

What are the supported container file formats on Binary Check?

The Binary Check solution supports detection of the software bill of materials (SBOM) and of publicly known and zero-day vulnerabilities in containers. All the software components and their corresponding vulnerabilities can be detected irrespective of the actual format, as the detection is performed at the file level. Software components and vulnerabilities can be detected independently from each individual file within the overlay2 file system or within save files.

Here are the supported container file formats:

  • Docker overlay2 (/var/lib/docker)
  • Docker save files

What are the vulnerability sources for Binary Check?

  • Auto-ISAC
  • Bug trackers of packages
  • China National Vulnerability Database (CNVD)
  • China National Vulnerability Database of Information Security (CNNVD)
  • Exploit Database
  • ICS-CERT
  • Japan Vulnerability Notes (JVN)
  • JVN iPedia
  • Metasploit
  • MITRE
  • National Vulnerability Database (NVD)
  • Packet Storm
  • SecuriTeam
  • SecurityFocus
  • Zero Day Initiative
 
Can I use Binary Check with a ticketing and tracking solution?

Yes, you can use Binary Check with Jira Cloud to create and navigate to tickets directly from product security assessments.

What are the supported policies, guidelines and standards for compliance analysis?

General security

  • SANS Top 25
  • 2020 CWE Top 25
  • OWASP Top Ten 2017
  • Singapore CLS
  • Backdoor Analysis

Secure coding

  • MISRA C:2012
  • CERT C 2016
  • AUTOSAR C++14
  • IPA ESCR C 3.0
  • High Integrity C++ (HIC ++)
  • JSF AV C++
  • BARR-C:2018

Privacy

  • GDPR

Consumer Internet of Things (IoT)

  • ETSI EN 303 645
  • UL MCV 1376 (UL Solutions' IoT Security Rating labels)
  • CA Senate Bill No. 327
  • Oregon House Bill 2395

Automotive standards

  • ISO/SAE 21434
  • UNECE WP.29
  • UNECE WP.29 Annex 5B

Automotive best practices

  • ENISA Automotive Security Practices

Medical devices guidance

  • FDA/Medical Devices (Draft/Oct 2018)

Industrial IoT

  • IEC 62443-3-3 
  • IEC 62443-4-1
  • IEC 62443-4-2