Function-Level Reachability Sounds Great—But Falls Short in Practice

Function- or dependency-level reachability analysis can be incredibly powerful. When you know for certain that a vulnerable function is never called, or that a dependency is unused, it becomes easy to de-prioritize or dismiss that finding. In ideal environments, such as cloud-native applications with full runtime observability and rapid CI/CD feedback, these methods can deliver precise answers. For medical device software, however, the reality is far messier. Function-level accuracy often requires access to the full runtime context, extensive instrumentation, and regular re-validation across releases, all of which are rarely feasible for regulated, embedded systems.

In the medical device space, even small changes to firmware or configuration may render prior function-level assumptions obsolete. Worse, these systems often lack runtime visibility altogether, making dynamic analysis incomplete or impossible. The software lifecycle moves slowly in terms of release, but fast in terms of vulnerability discovery, meaning insights based on static function usage can quickly become outdated or irrelevant. Tools that rely purely on identifying which functions are “in use” miss the bigger picture: vulnerabilities are not just about code usage, but about whether an attacker can actually reach and exploit them within the system’s operational context.

That’s where ELTON offers a more scalable and resilient approach. Instead of focusing only on function-level granularity, ELTON models the full product architecture, dataflows, access controls, and threat surfaces through a digital twin. This allows vulnerabilities to be overlaid onto a living representation of the product, capturing how a threat would actually move through the system. ELTON identifies whether a vulnerability is reachable or exploitable not by guessing at function calls, but by analyzing the complete context: required privileges, compromised assets, architectural mitigations, and other known vulnerabilities that could change the threat landscape.

Function-level analysis still plays a role, but ELTON helps pinpoint which vulnerabilities warrant that deeper look—drastically reducing the noise and manual workload. By first filtering out the vast majority of findings that are unreachable or unexploitable within the product’s real-world design, ELTON enables targeted, high-value remediation efforts. This means teams can reserve their most resource-intensive efforts for the few findings that truly matter, delivering better security outcomes with far less effort, and maintaining compliance even as products evolve.
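To make the idea of architecture-level reachability concrete, here is a small added sketch. It is not ELTON's implementation or code from this page; it only illustrates the general approach of overlaying findings on a dataflow model with required privileges. The component names, privilege levels and finding IDs are all constructed for the example.

```python
# Added illustration, not ELTON's implementation. All names below are constructed.
LEVEL = {"none": 0, "user": 1, "admin": 2, "root": 3}

# Dataflows: (source, destination, privilege the attacker must hold on source).
FLOWS = [
    ("network", "wifi_module", "none"),
    ("wifi_module", "app_processor", "admin"),   # architectural mitigation
    ("service_port", "app_processor", "none"),   # physical access only
    ("app_processor", "pump_controller", "root"),
]

# Findings overlaid on the model: where they sit, what they need, what they yield.
FINDINGS = [
    {"id": "FINDING-A", "component": "wifi_module", "needs": "none", "grants": "user"},
    {"id": "FINDING-B", "component": "app_processor", "needs": "none", "grants": "root"},
    {"id": "FINDING-C", "component": "pump_controller", "needs": "none", "grants": "root"},
]
# A later disclosure that changes the picture for B and C.
FINDING_D = {"id": "FINDING-D", "component": "wifi_module", "needs": "user", "grants": "admin"}


def triage(flows, findings, entry_points):
    """Return {finding_id: reachable?} for an attacker starting at entry_points."""
    held = {c: 0 for c in entry_points}   # component -> highest privilege held
    fired = set()
    changed = True
    while changed:                         # monotone fixed point, so it terminates
        changed = False
        for f in findings:
            level = held.get(f["component"])
            if level is None or level < LEVEL[f["needs"]]:
                continue                   # not reached, or privilege too low
            if f["id"] not in fired:
                fired.add(f["id"])
                changed = True
            if LEVEL[f["grants"]] > level:
                held[f["component"]] = LEVEL[f["grants"]]
                changed = True
        for src, dst, need in flows:
            if dst not in held and held.get(src, -1) >= LEVEL[need]:
                held[dst] = 0              # foothold with no privilege yet
                changed = True
    return {f["id"]: f["id"] in fired for f in findings}


if __name__ == "__main__":
    print(triage(FLOWS, FINDINGS, ["network"]))
    print(triage(FLOWS, FINDINGS + [FINDING_D], ["network"]))
    print(triage(FLOWS, FINDINGS, ["service_port"]))
```

With only the first three findings, a network attacker is stopped at the radio module, so the two deeper findings can be de-prioritized. Adding the fourth finding, or assuming physical access to the service port, makes them reachable and flips that triage decision.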
