NetRise, a company focused on securing the software supply chain, has introduced a new solution called NetRise Provenance, aimed at bringing greater transparency to the risks associated with open-source contributors embedded within enterprise software and connected devices. The product expands the capabilities of the NetRise Platform by offering deeper insight into Software Bill of Materials (SBOM) data, helping organizations understand not just what components exist in their software, but also who is behind them.

With Provenance, enterprises can better assess how risks tied to individual contributors or projects spread across their software ecosystems. The platform enables teams to quickly evaluate the “blast radius” of potential threats by mapping how compromised or risky code propagates through dependency chains. This allows organizations to prioritize remediation efforts based on real downstream impact rather than guesswork.

The solution addresses a longstanding challenge for organizations that procure and operate third-party software. Procurement and risk management teams now gain visibility into factors that were previously difficult to track, such as project health, contributor behavior, and how vulnerabilities or malicious changes might cascade across systems. By connecting these insights to actual deployment environments, companies can make more informed decisions about the software they rely on.

For software developers and product security teams, NetRise Provenance introduces policy-driven controls that govern the use of open-source components. Teams can define risk thresholds and automatically halt builds when dependencies fail to meet security standards. This helps prevent unsafe code from entering production environments while maintaining compliance with internal policies and external regulations.

According to NetRise CEO and co-founder Thomas Pace, many recent software supply chain incidents stem as much from misplaced trust as from technical vulnerabilities. He emphasized that attackers often gain credibility within open-source communities before introducing malicious code, leaving organizations scrambling to determine their exposure. Provenance is designed to eliminate that uncertainty by clearly identifying how far a compromised contributor’s influence extends.

The platform integrates with existing NetRise capabilities, combining binary-level intelligence with contributor attribution. It maps open-source packages to their maintainers and affiliated organizations, including geographic context, enabling companies to align with regulatory requirements and internal governance policies. In addition, it provides insights into repository activity, update patterns, and historical advisories, offering a clearer picture of project reliability.

Michael Scott, NetRise co-founder and CTO, noted that one of the biggest challenges in supply chain security is not detecting a compromise, but understanding its full impact quickly. He explained that Provenance enables organizations to trace software components back to their origins, including maintainers, organizations, and locations, allowing teams to assess exposure in minutes rather than weeks.

Industry analysts also see growing importance in this level of visibility. As open-source adoption continues to rise, understanding contributor risk and its concentration across projects is becoming essential for both security and compliance teams. By layering this intelligence onto SBOM and dependency data, organizations can respond more effectively to emerging threats and focus remediation where it matters most.

With the introduction of Provenance, NetRise continues to evolve its platform toward a more comprehensive approach to software trust: one that connects code, contributors, and policy in a unified system. The company positions this launch as a significant step in helping enterprises proactively manage supply chain risk in an increasingly complex and interconnected software landscape.
