Abstract: In general, this disclosure describes techniques for replacing target cryptographic primitives in executable binary files with other, potentially more secure, cryptographic primitives. In some examples, a computing system for augmenting cryptographic executables includes a locator to determine if an executable program in an executable binary file includes a target cryptographic primitive. The computing system can include a patch generator to generate patch instructions in response to a determination by the locator that the executable program includes the target cryptographic primitive. The patch instructions cause the executable program to execute a replacement cryptographic primitive instead of the target cryptographic primitive. A rewriter engine of the computing system can modify, based on the patch instructions, the executable program to generate a modified executable binary file.

Abstract: Techniques are disclosed for intelligently managing software development. In one example, a method for managing software development, includes receiving, by a computing system, a request to review source code written by a first developer, determining, by the computing system, a software skill set for the source code review, selecting, by the computing system, one or more selected source code reviewers from the pool of source code reviewers based on the software skill set and respective reputation scores for a pool of source code reviewers, assigning, by the computing system, one or more portions of the source code for code review to each of the selected source code reviewers, and determining, by the computing system, a consensus verification output on the code review based on review input from a majority of the selected source code reviewers.

Abstract: In general, this disclosure describes techniques for replacing target cryptographic primitives in executable binary files with other, potentially more secure, cryptographic primitives. In some examples, a computing system for augmenting cryptographic executables includes a locator to determine if an executable program in an executable binary file includes a target cryptographic primitive. The computing system can include a patch generator to generate patch instructions in response to a determination by the locator that the executable program includes the target cryptographic primitive. The patch instructions cause the executable program to execute a replacement cryptographic primitive instead of the target cryptographic primitive. A rewriter engine of the computing system can modify, based on the patch instructions, the executable program to generate a modified executable binary file.

Abstract: Techniques are disclosed for intelligently managing software development. In one example, a method for managing software development, includes receiving, by a computing system, a request to review source code written by a first developer, determining, by the computing system, a software skill set for the source code review, selecting, by the computing system, one or more selected source code reviewers from the pool of source code reviewers based on the software skill set and respective reputation scores for a pool of source code reviewers, assigning, by the computing system, one or more portions of the source code for code review to each of the selected source code reviewers, and determining, by the computing system, a consensus verification output on the code review based on review input from a majority of the selected source code reviewers.

Abstract: In general, this disclosure describes techniques for building an application designed to run on a given infrastructure as a container. For example, a unicontainer as described herein may represent a smallest-size, statically-linked binary that is the most optimal implementation of a container for executing an application. In some examples, a computing system builds this container by identifying unused or unneeded functionalities from dependencies for the application, for instance where such functionalities are provided by a target infrastructure for the container.

Abstract: An integrity verification subsystem can verify the integrity of software and firmware modules on a computing device at load time and/or at run time, independently of any operating systems that may be installed on the computing device. Some versions of the integrity verification subsystem can operate in physical and/or virtualized system environments, including virtualized mobile device architectures.

Abstract: A provisioning system can separately and independently provision different components for different purposes on a computing platform, and enforce component-specific purposes associated with the use of the individual provisioned components during operation of the platform. Some versions of the provisioning subsystem may operate on a virtualized mobile computing device and networked devices under control of the computing device. In some embodiments, the provisioning subsystem can enforce a desired “purpose” of a provisioned component while simultaneously denying a corresponding “anti-purpose.

Abstract: A policy arbitration system manages the fundamental communications and isolation between executable components and shared system resources of a computing device, and controls the use of the shared resources by the executable components. Some versions of the policy arbitration system operate on a virtualized mobile computing device to dynamically compile and implement policy rules that are issued periodically by multiple different independent execution environments that are running on the computing device. Semi-dynamic policy changes allow for context enabled policy changes that enforce the desired system and component “purpose” while simultaneously denying the “anti-purpose”.

Abstract: Polymorphic computing architectures can support and control separate, independently executable domains and other components on a computing platform. In some embodiments, the architectures may control the different domains and/or components according to different purposes. In some embodiments, the architectures can control domains and/or components to enforce a desired “purpose” of a domain/component while simultaneously denying a corresponding “anti-purpose”.

Abstract: A domain manager system as disclosed herein can control the selective activation of multiple independently-operable execution environments or domains on a computing device in accordance with one or more policies. In some embodiments, activation of a domain may at least temporarily transform a general purpose computing device into a specific purpose computing device or “appliance” by disabling use of one or more shared system resources by other domains.

Abstract: A provisioning system can separately and independently provision different components for different purposes on a computing platform, and enforce component-specific purposes associated with the use of the individual provisioned components during operation of the platform. Some versions of the provisioning subsystem may operate on a virtualized mobile computing device and networked devices under control of the computing device. In some embodiments, the provisioning subsystem can enforce a desired “purpose” of a provisioned component while simultaneously denying a corresponding “anti-purpose.

Abstract: A policy arbitration system manages the fundamental communications and isolation between executable components and shared system resources of a computing device, and controls the use of the shared resources by the executable components. Some versions of the policy arbitration system operate on a virtualized mobile computing device to dynamically compile and implement policy rules that are issued periodically by multiple different independent execution environments that are running on the computing device. Semi-dynamic policy changes allow for context enabled policy changes that enforce the desired system and component “purpose” while simultaneously denying the “anti-purpose”.

Abstract: A method and system for application-based monitoring and enforcement of security, privacy, performance and/or other policies on a mobile device includes incorporating monitoring and policy enforcement code into a previously un-monitored software application package that is installable on a mobile device, and executing the monitoring and policy enforcement code during normal use of the software application by a user of the mobile device.

Abstract: A domain manager system as disclosed herein can control the selective activation of multiple independently-operable execution environments or domains on a computing device in accordance with one or more policies. In some embodiments, activation of a domain may at least temporarily transform a general purpose computing device into a specific purpose computing device or “appliance” by disabling use of one or more shared system resources by other domains.

Abstract: Polymorphic computing architectures can support and control separate, independently executable domains and other components on a computing platform. In some embodiments, the architectures may control the different domains and/or components according to different purposes. In some embodiments, the architectures can control domains and/or components to enforce a desired “purpose” of a domain/component while simultaneously denying a corresponding “anti-purpose.

Abstract: An integrity verification subsystem can verify the integrity of software and firmware modules on a computing device at load time and/or at run time, independently of any operating systems that may be installed on the computing device. Some versions of the integrity verification subsystem can operate in physical and/or virtualized system environments, including virtualized mobile device architectures.

Abstract: A method and system for application-based monitoring and enforcement of security, privacy, performance and/or other policies on a mobile device includes incorporating monitoring and policy enforcement code into a previously un-monitored software application package that is installable on a mobile device, and executing the monitoring and policy enforcement code during normal use of the software application by a user of the mobile device.

Abstract: A method and system for application-based monitoring and enforcement of security, privacy, performance and/or other policies on a mobile device includes incorporating monitoring and policy enforcement code into a previously un-monitored software application package that is installable on a mobile device, and executing the monitoring and policy enforcement code during normal use of the software application by a user of the mobile device.

Abstract: A method and system for application-based monitoring and enforcement of security, privacy, performance and/or other policies on a mobile device includes incorporating monitoring and policy enforcement code into a previously un-monitored software application package that is installable on a mobile device, and executing the monitoring and policy enforcement code during normal use of the software application by a user of the mobile device.

Abstract: A method and system for application-based monitoring and enforcement of security, privacy, performance and/or other policies on a mobile device includes incorporating monitoring and policy enforcement code into a previously un-monitored software application package that is installable on a mobile device, and executing the monitoring and policy enforcement code during normal use of the software application by a user of the mobile device.