NetRise Unveils New Software Supply Chain Risk Management for Federal Agencies

NetRise has announced a managed software supply chain risk management offering tailored to the federal market. The service is intended to strengthen federal agencies' operational capabilities by combining evidence derived from binary analysis with context about software provenance. It will be delivered through trusted federal integrators and managed service providers, allowing agencies to assess and address software risk across their products, dependencies, and vendors.

Thomas Pace, co-founder and CEO of NetRise, framed the initiative around the need for federal agencies to move software supply chain risk management from aspiration to operational practice. He stated, “That requires more than questionnaires, attestations, or isolated tools. By enabling trusted partners with binary-derived evidence of what is actually in software, along with provenance intelligence that helps explain who is behind it and how far risk can spread…” In short, the aim is to make software risk something agencies can measure and act on rather than something documented on paper.

A central element of NetRise's offering is its collaboration with Asc3nd Technologies Group, which serves as strategic launch partner. The partnership fits a broader trend in which federal agencies are increasingly required to operationalize their risk management procedures. Recent federal mandates, including CISA's Binding Operational Directive, an executive order on AI security, and guidance on post-quantum cryptography, underscore the urgency for agencies to know exactly which components make up the software they run.

The NetRise solution starts at the binary level, producing a software asset inventory that spans firmware, operating systems, containers, and applications. Because the inventory is derived from the compiled artifacts themselves, it is intended to support both compliance and proactive risk management. NetRise Provenance extends this by mapping software components to their original sources, contributors, maintainers, and organizations, which shows how far a compromise of any one of those could propagate across an agency's software estate.

Agencies stand to gain from these capabilities because they can validate vendor-provided Software Bills of Materials (SBOMs) against the compiled artifacts rather than accepting them at face value. This yields the asset-level understanding needed for compliance with directives such as BOD 26-04. Agencies can also enrich their inventory with context about software origins and respond faster to security incidents, which matters as AI-accelerated exploit development shortens the time available to react.
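The validation step described above, checking a vendor's SBOM against the bytes actually shipped, can be illustrated with a small reconciliation script. The following is an added example, not NetRise's code or any product's logic. It assumes a CycloneDX-style SBOM in which each component carries a SHA-256 hash and a `properties` entry named `artifact:path` (an assumption of this example, not a CycloneDX convention) that gives the component's location inside the unpacked image; the image files, component names, versions and hashes are all constructed inline so the script runs offline.

```python
"""Reconcile a vendor SBOM against the compiled artifact it claims to describe.

Added example, not NetRise code. Assumes a CycloneDX-style SBOM in which each
component carries a SHA-256 hash and a 'properties' entry named 'artifact:path'
(an assumption of this example) giving its location inside the unpacked image.
"""
import hashlib
import json
import tempfile
from pathlib import Path

HASH_ALG = "SHA-256"  # CycloneDX spelling of the algorithm name


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large firmware blobs need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def declared_components(sbom: dict) -> dict:
    """Map claimed path -> {name, version, sha256} for every component that names a path."""
    out = {}
    for comp in sbom.get("components", []):
        props = {p["name"]: p["value"] for p in comp.get("properties", [])}
        path = props.get("artifact:path")
        if path is None:
            continue  # nothing on disk to check for this component
        digest = next((h["content"].lower() for h in comp.get("hashes", [])
                       if h.get("alg") == HASH_ALG), None)
        out[path] = {"name": comp.get("name"), "version": comp.get("version"), "sha256": digest}
    return out


def reconcile(sbom: dict, artifact_root: Path) -> dict:
    """Compare SBOM claims with what is actually present in the unpacked artifact."""
    declared = declared_components(sbom)
    on_disk = {p.relative_to(artifact_root).as_posix(): sha256_file(p)
               for p in artifact_root.rglob("*") if p.is_file()}
    report = {"verified": [], "hash_mismatch": [], "present_no_hash": [],
              "missing_from_artifact": [], "undeclared_in_artifact": []}
    for path, claim in sorted(declared.items()):
        actual = on_disk.get(path)
        if actual is None:
            report["missing_from_artifact"].append(path)   # SBOM claims a file the image lacks
        elif claim["sha256"] is None:
            report["present_no_hash"].append(path)         # can locate it, cannot verify it
        elif claim["sha256"] == actual:
            report["verified"].append(path)
        else:
            report["hash_mismatch"].append(path)           # shipped bytes differ from the claim
    report["undeclared_in_artifact"] = sorted(p for p in on_disk if p not in declared)
    return report


def build_demo() -> dict:
    """Construct a throwaway image and a vendor SBOM that is partly wrong, then reconcile."""
    root = Path(tempfile.mkdtemp(prefix="fw-"))
    (root / "lib").mkdir()
    (root / "bin").mkdir()
    (root / "lib" / "libssl.so.3").write_bytes(b"constructed libssl bytes")
    (root / "lib" / "libz.so.1").write_bytes(b"constructed zlib bytes, not the CI build")
    (root / "bin" / "busybox").write_bytes(b"constructed busybox bytes")  # never declared

    def comp(name, version, path, digest):
        return {"type": "library", "name": name, "version": version,
                "hashes": [{"alg": HASH_ALG, "content": digest}],
                "properties": [{"name": "artifact:path", "value": path}]}

    # Component names and versions below are illustrative, not a real vendor's SBOM.
    sbom = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
        comp("openssl", "3.0.13", "lib/libssl.so.3", sha256_file(root / "lib" / "libssl.so.3")),
        # the vendor hashed the zlib they meant to ship; the image carries different bytes
        comp("zlib", "1.3.1", "lib/libz.so.1", hashlib.sha256(b"zlib as built in CI").hexdigest()),
        comp("curl", "8.6.0", "bin/curl", hashlib.sha256(b"curl").hexdigest()),  # not in the image
    ]}
    return reconcile(sbom, root)


if __name__ == "__main__":
    print(json.dumps(build_demo(), indent=2))
```

Each bucket in the report maps to a different supply chain question: `hash_mismatch` and `undeclared_in_artifact` are the cases an attestation alone would never surface, because the document is internally consistent while the shipped bytes are not; `present_no_hash` flags SBOM entries that can be located but never verified, which is worth pushing back on with the vendor.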

