Finite State releases Next Gen Platform for software supply chain security

Finite State has released its Next Generation Platform featuring extended SBOM management with the ability to ingest and aggregate 120+ external data sources.

The new platform gives Application and Product Security teams a unified and prioritized risk view with unprecedented visibility across the software supply chain lifecycle to scale operations through continuous, next-generation risk management.

The launch of the Next Gen Platform will enable Finite State customers to continuously and confidently reduce risk across ‘any-party’ software, firmware, or applications through a singular lens.

Already featuring over 2 billion data points of analysis, AppSec and Product Security teams will be able to leverage external tooling and feeds to build the SBOM (Software Bill of Materials), detailing all vulnerabilities on software components and dependencies.

The SBOM has emerged as the most critical output for any organization needing comprehensive visibility into their software supply chain to ship secure products, satisfy customer and vendor requests, and meet regulatory requirements.

Finite State’s binary SCA (software composition analysis) decomposes binaries (in contrast to source code) to enable enterprise teams with continuous SBOM management capabilities to drive down AppSec risk.

According to Gartner, “By 2026, at least 60% of organizations procuring mission-critical software solutions will mandate SBOM disclosures in their license and support agreements, up from less than 5% in 2022.”

The capability of generating an SBOM, using the SBOM to take corrective action and managing the SBOMs across the software supply chain will be on full display in S4x23’s SBOM Challenge.

Finite State will compete to demonstrate its capability to fully analyze a heterogeneous collection of firmware images. Finite State’s approach from its inception has been to deliver next generation SCA with robust automation capabilities that align to expected market growth as defined by industry experts.

According to Gartner: “By 2024, 90% of software composition analysis tools will be able to generate and verify SBOMs to help securely consume open-source software, up from 30% in 2022.”

Finite State’s Next Gen platform features will include:

• End-to-end SBOM solution: The solution for generating, collecting, visualizing, and distributing SBOMs in your supply chain.
• Unified AppSec and Product Security Risk Management: Ability to ingest data from 120+ scanners and feeds, to unify all the tooling and intelligence used to secure products or systems, within the full context of the AppSec or Product Security environment.
• Advanced guidance: Remediation guidance that aggregates and reconciles results across all scans, generated or ingested for context-aware recommendations.
• World-class binary SCA: Enhanced SBOM capabilities to decompose a product or asset into its many components for a laser-focused risk assessment.
• Intuitive scoring system: A robust scoring methodology that conveys risk levels of a product or asset through a straightforward numerical scale, backed by risk prioritization.
• Complete VEX support: Import and export all VEX formats, with advanced vulnerability intelligence correlation.

“There’s been a significant shift in the composition of enterprise software, and the cybersecurity market hasn’t kept pace to align with how software is built,” said Matt Wyckhouse, CEO, Finite State.

“AppSec and product security teams are looking to automate embedded system assessment and analysis so they can ensure security across any phase of product development, as risks in the software supply chain are increasing rapidly. Our Next Generation Platform is addressing the needs of software producers and consumers to drive down software supply chain risk with the peace of mind they need to ship or deploy connected products securely,” Wyckhouse concluded.