NetRise® Unveils Major Upgrade to Elevate Software Supply Chain Security Efficiency
NetRise® Enhances Software Supply Chain Security Platform
On August 5, 2025, in an exciting development for cybersecurity, NetRise announced a substantial upgrade of its software supply chain security platform. This enhancement is set to significantly improve the remediation and mitigation processes concerning components that operate at run-time. The company, known for constructing software asset inventories, is committed to helping organizations identify and manage risks associated with software that is actively being executed across their global operations.
During a recent announcement, Michael Scott, the co-founder and Chief Technology Officer of NetRise, emphasized the crucial difference between potential threats and actual vulnerabilities. He stated, "This is the difference between theoretical risk and real attack surface." This sentiment is echoed by the new features introduced in the latest version of the platform, aimed explicitly at prioritizing, mitigating, and remediating vulnerabilities effectively.
Key Features of the Enhanced Platform
One of the standout innovations in the upgraded platform is Reachability. This feature provides detailed context around a vulnerability’s accessibility and execution within a specific system, focusing resources on the threats that genuinely impact organizational security. “Vulnerability management and threat intelligence teams often suffer from distractions concerning noise in their systems,” noted Thomas Pace, the founder and CEO of NetRise. The platform’s capabilities now allow teams to concentrate on vulnerabilities that are both network-accessible and configured to execute automatically, making it a game-changer for security operations centers (SOCs).
Another noteworthy addition is SBOM Edit. This feature enables teams to manually edit the Software Bill of Materials (SBOM), adding or refining components to keep the information it presents accurate. Metadata that may be lost during the build process, such as licensing details, can now be preserved, which is critical for compliance and security assessments.
The upgrade also incorporates a Fix Version indicator, marking the minimum software version in which a vulnerability has been fixed. This presents a significant advantage as it enables teams to prioritize easier fixes first, fostering a more efficient software development life cycle.
In addition to the aforementioned features, the entire platform architecture has been redesigned to boost its scalability and speed, enabling rapid future development cycles. The insights gleaned from analyzing numerous systems and artifacts can be transformational. System scans typically reveal hundreds to thousands of vulnerabilities, many of which are found in components that do not actually run. This creates a noise problem: security teams divert attention to non-issues while critical vulnerabilities that could be exploited remain unaddressed.
Addressing Vulnerability Noise
As Scott highlights, mapping the execution chain from auto-start entries to the vulnerable components lets organizations fundamentally reduce the noise associated with vulnerabilities. This ensures that security teams focus their efforts where it truly matters: on those vulnerabilities that are active and could potentially be exploited when the software assembles or starts up.
In its Supply Chain Visibility Risk Study, published in Q4 2024, NetRise assessed networking devices and found an average of 1,120 reported Common Vulnerabilities and Exposures (CVEs) per device. Prioritizing these CVEs, especially those that are accessible via the network, gives manufacturers and third-party risk management teams a clearer path to significantly lowering their workload.
The upgrades announced mean that security teams can now consistently carry vulnerabilities from identification through to remediation, ultimately improving the security posture of the organization.
Looking Ahead at NetRise
With the recent enhancements, NetRise positions itself as a frontrunner in the software supply chain security industry. Companies looking to enhance their cybersecurity measures can now leverage this advanced system to ensure they are not only ahead of potential threats but also capable of negotiating with vendors based on the security capabilities that have been fine-tuned through real-time data and intelligence.
To experience these new features and understand the full breadth of the NetRise platform, interested parties can schedule a demo or attend demonstrations at upcoming events such as the Black Hat Conference in Las Vegas. With the right tools in hand, organizations can swiftly identify, prioritize, and mitigate threats, making the complexities of software vulnerabilities more manageable than ever before.