Innovating Software Supply Chain Security
In a groundbreaking announcement, Manifest, a prominent platform in software and AI supply chain security, has partnered with NetRise® to offer the industry's first all-encompassing view of software and firmware risks. This collaboration promises to fill a significant gap many organizations have faced in securing their technology ecosystems.
The Challenge of Firmware Security
As more organizations implement software supply chain programs, from source code analysis to software bill of materials (SBOM) generation, one critical layer has often been overlooked: firmware. This compiled code operates beneath the operating system on essential devices and is vital for understanding the complete exposure to potential risks. The absence of visibility into firmware leaves security teams, particularly those safeguarding cyber-physical products, with an incomplete understanding of their security posture. As cyberattacks increasingly target this layer, the need for comprehensive firmware security becomes clear.
The Manifest Platform
Organizations including Fortune 500 companies, government agencies, and critical infrastructure operators rely on the Manifest Platform for securing their entire AI and software supply chain. This platform enables them to build and acquire secure software without sacrificing operational velocity. With features that maintain an exhaustive inventory of software components and AI models—including licensing information—it allows organizations to identify, assess, and remediate risks proactively. Its automated workflows facilitate continuous compliance, addressing open-source and third-party software risks effectively.
A Perfect Partnership
Recognizing the need to extend visibility into firmware, Manifest sought a partner with firmware expertise. This search led to a collaboration with NetRise, whose software is engineered from the ground up to analyze binary code within firmware and real-time operating systems. The advantage of this partnership is significant: organizations can now generate and analyze complete SBOMs for firmware and embedded systems directly through the Manifest Platform.
Benefits of the New Integration
The integration of NetRise's capabilities allows users to:
- Gain actionable insights into software components running on their devices.
- Conduct thorough risk assessments across their entire technology stack.
- Enhance compliance with emerging regulations regarding SBOMs and firmware transparency.
- Mitigate critical security gaps that have long existed.
This deep integration into the Manifest Platform empowers users to identify vulnerabilities, misconfigurations, and hard-coded secrets, as well as to evaluate outdated components within device firmware. Such capabilities ensure that even older or vendor-supplied systems are factored into risk assessments, which is crucial for industries reliant on legacy technology—like healthcare, where outdated MRI machines can pose safety risks.
A Strategic Shift
Robbie Robbins, Vice President of Partnerships at NetRise, articulated the essence of their mission: 'NetRise was built to end blind trust in software forever.' This partnership reshapes how organizations think about risk management, shifting from reactive measures to proactive transparency across their entire systems. Likewise, Daniel Bardenstein, CEO of Manifest, emphasized that previously, organizations could analyze their code and containers but struggled with the firmware aspect. Now, integrating NetRise's cutting-edge analysis transforms how customers view their software supply chain, illuminating details previously hidden beneath the surface.
The Road Ahead
This collaboration marks just the beginning of what Manifest and NetRise can accomplish together. By bridging the gap between source code and articulated analysis of deployed systems, this partnership champions an era of heightened security and compliance within technology. As firms face increasing scrutiny regarding software risks, the tools and insights provided by this partnership will be essential for fostering a secure and transparent technology landscape.
Learn More
For more information on how Manifest and NetRise are revolutionizing software supply chain security, visit their respective websites: Manifest Cyber and NetRise.