SourceDNA (YC S15) finds hidden security and quality flaws in apps

67 points by katm almost 10 years ago

2 comments

tptacek almost 10 years ago
I'm not unbiased when it comes to Nate, who is one of my older friends, because he's dragooned me into being an advisor for SourceDNA. I've promised to donate all proceeds from his venture to charity, unless it returns enough to buy me a private jet, in which case I'm going to buy a private jet and then donate the rest to charity. I almost quit Matasano to join him; the day after I flew out to work out a role, we got the acquisition offer, and I had to stay.

Nate is way underselling himself. He's essentially not only acquired most of the contents of most of the app stores, and not only decompiled them, but has then built up a comparative analytics framework that can answer questions based on code similarity (as a first order of available facts) and behavior (as a sort of second-order thing).

I'm really curious to see what ideas other people would have for this kind of data set. If you could answer virtually any question about the behavior of any/every app in the app store, what would you do with that capability?

Also: people should ask him questions about how this stuff works. It's really neat.
NateLawson almost 10 years ago
Hi, I'm happy to discuss how we're finding hidden flaws in millions of apps that even developers didn't know about. We've built a really cool binary code search engine that has indexed the structure and behavior of apps. Our engine allows us to quickly find apps that exhibit particular problems, such as calling a broken API or using a version of a library that has a vulnerability.

I need to write more about how it works. We translate the app code into an intermediate language (like LLVM bitcode) and index features derived from both the structure (callgraph/control flow graph) and syntax (opcodes) of each function. This allows you to search for snippets of code that match particular patterns or discover the relationship between modules by assessing the similarity of each. Since we use an IL, we can match code cross-platform.

I'd love to talk about it here if you have questions.
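The per-function indexing described in the comment above, as an added example that is not part of the thread and is not SourceDNA's code: functions already lifted to an IL are reduced to syntax features (opcode n-grams) and structure features (control-flow shape), stored in an inverted index, and queried by similarity to a known-flawed routine. The toy opcode names, the feature choice, the Jaccard score, the threshold and all function names are assumptions made for illustration.

```python
from collections import defaultdict

def features(blocks, edges, n=3):
    """blocks: {id: [IL opcode, ...]}, edges: [(src, dst), ...] for one function."""
    feats = set()
    for ops in blocks.values():            # syntax: opcode n-grams per basic block
        for i in range(len(ops) - n + 1):
            feats.add(("ngram", *ops[i:i + n]))
    out = defaultdict(int)
    for src, _dst in edges:
        out[src] += 1
    for bid, ops in blocks.items():        # structure: out-degree and call count
        feats.add(("shape", out[bid], ops.count("call")))
    feats.add(("size", len(blocks), len(edges)))
    return frozenset(feats)

class Index:
    def __init__(self):
        self.funcs = {}                    # function name -> feature set
        self.postings = defaultdict(set)   # feature -> function names

    def add(self, name, blocks, edges):
        self.funcs[name] = features(blocks, edges)
        for feat in self.funcs[name]:
            self.postings[feat].add(name)

    def search(self, blocks, edges, threshold=0.5):
        q = features(blocks, edges)
        # Only functions sharing at least one feature with the query are scored.
        candidates = set().union(*(self.postings.get(f, ()) for f in q))
        hits = [(name, round(len(q & self.funcs[name]) / len(q | self.funcs[name]), 2))
                for name in candidates]    # Jaccard similarity of feature sets
        return sorted((h for h in hits if h[1] >= threshold), key=lambda h: (-h[1], h[0]))

# Constructed sample data: a known-flawed library routine and app functions.
EDGES = [(0, 1), (0, 2), (1, 2)]
FLAWED = {0: ["load", "cmp", "br"], 1: ["load", "add", "call", "store", "jmp"], 2: ["ret"]}
VARIANT = {0: ["load", "cmp", "br"],
           1: ["load", "add", "call", "store", "store", "jmp"], 2: ["ret"]}
UNRELATED = {0: ["load", "mul", "store", "ret"]}

def demo():
    idx = Index()
    idx.add("app_a::sub_1", FLAWED, EDGES)    # same IL, e.g. lifted from another platform
    idx.add("app_b::sub_7", VARIANT, EDGES)   # slightly different build of the routine
    idx.add("app_c::sub_3", UNRELATED, [])
    return idx.search(FLAWED, EDGES)

if __name__ == "__main__":
    print(demo())
```

Because matching happens on IL features rather than native instructions, the same query applies to functions lifted from different architectures, which is the cross-platform property the comment mentions.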