New Platform Delivers Increased Scale While New Features Add Efficiency in the Software Development Life Cycle and the SOC
NetRise, the leader in software supply chain security — building software asset inventories that enable enterprises to identify and manage risk in software that actually runs on devices across global organizations — announced a significant update to its core product platform. This update helps users work more efficiently and effectively when prioritizing, mitigating, and remediating vulnerabilities found in the software they produce, and when reducing risk in the environments in which that software runs.
“This is the difference between theoretical risk and real attack surface.” – Michael Scott, co-founder and CTO of NetRise
“Vulnerability management and threat intelligence teams often suffer from and are distracted by noise in the systems they use to protect their enterprise infrastructure,” said Thomas Pace, founder and CEO of NetRise. “The capabilities we’ve announced allow them to focus on those vulnerabilities that are both accessible on the network and automatically execute at runtime. With this intelligence the SOC team has at their fingertips a mechanism to update policies and mitigate those vulnerabilities before a threat actor can take advantage.”
Key features introduced into the NetRise platform include:
- Reachability – context on whether a vulnerability is reachable and autoruns within a given system, including user execution context. This approach aims to prioritize vulnerabilities more effectively, focusing on those that pose a real threat to the system.
- SBOM Edit – manually add, remove, and edit SBOM components, and add information that is often lost in the build process, or licensing information that is contained in metadata files from a package manager, to ensure the accuracy of SBOMs delivered.
- Fix Version – indication of the minimum version of the component in which the vulnerability is resolved, a useful data point for prioritization because it highlights issues that are likely easy to fix.
- Platform rearchitecture that increases the ability to scale and to speed up the development of future releases.
“When we analyze systems and artifacts, we typically find hundreds or even thousands of vulnerabilities, but the vast majority are in components that never actually execute. This creates a dangerous signal-to-noise problem – security teams waste precious time investigating CVEs in dormant libraries while missing the critical vulnerabilities in applications that run,” said Michael Scott, co-founder and CTO of NetRise. “By mapping the execution chain from autostart entries through scripts to the actual vulnerable components, we can reduce vulnerability noise drastically and help teams focus on what actually matters: the vulnerabilities that can actually be exploited when the asset powers on or loads. This is the difference between theoretical risk and real attack surface.”
In its Supply Chain Visibility & Risk Study, published in Q4 2024, NetRise reported that on networking devices whose compiled software NetRise analyzed, an average of 1,120 CVEs were found per device. The report showed how to prioritize those CVEs to focus on those that were network accessible, greatly reducing the work required of a manufacturer’s development team or of an enterprise’s third-party risk management team.
“Today’s announcement, giving those teams visibility into components that autorun on startup, reduces that work even further,” said Pace. “This allows software developers to remediate the most critical vulnerabilities, reducing the time to deliver secure software. And for buyers of networking and other connected devices, third-party risk teams and their partners in procurement now have the tools to negotiate more effectively with their vendors to further reduce risk in the enterprise.”
Source: prnewswire