Many companies need to meet compliance requirements or face hefty fines from their governing organizations. Finite State recently introduced a compliance mapping function so those companies can quickly confirm whether they’re able to pass an audit or achieve a certification.
The North American Electric Reliability Corporation (NERC), for example, can fine companies up to $1 million per severe violation per day. In 2019, it levied a $10 million fine against a company for 127 separate violations, the largest Critical Infrastructure Protection (CIP) fine ever.
Product certification also requires time in a lab, and those labs tend to be booked with thousands of manufacturers looking to have their products examined. Companies can avoid scheduling delays and protect themselves from expensive fees and the cost of having to redo an audit or certification by using the compliance mapping function built into the Finite State platform.
Finite State uses its advanced binary analysis to give security teams the visibility they need to see whether their products meet compliance requirements. The Open Web Application Security Project (OWASP) Top 10 web application security risks are the first set of standards that Finite State’s compliance mapping feature supports, with more to roll out throughout the year.
“This functionality keeps the software development life cycle moving so that developers can keep working and security teams know where they need to mitigate before a product goes out the door,” said Gün Akkor, chief technology officer at Finite State. “The beauty of this functionality is that companies can input their own standards and don’t just have to rely on a list of what we support to increase the quality of their products.”
Security is notoriously difficult for embedded device manufacturers that may be dealing with multiple third-party vendors as they build products. Finite State’s compliance mapping feature is another example of the company’s shift-left mentality to reduce the cost and labor that companies allocate to security for their products while also improving product value.