On February 13, 2023, Finite State, a pioneer in enterprise software supply chain risk management, announced its next generation platform, which includes extended SBOM management as well as the capacity to ingest and aggregate 120+ external data sources. The new platform provides Application and Product Security teams with a consolidated and prioritized risk perspective and unmatched visibility across the software supply chain lifecycle in order to grow operations employing continuous, next-generation risk management.
With the release of the next-gen platform, Finite State users will be able to continually and confidently decrease risk across 'any-party' firmware, software, or applications via a single lens. Already featuring over 2 billion analytical data points, product and AppSec Security teams will be able to utilize external tooling and feed to create the most extensive SBOM (Software Bill of Materials) in the industry, outlining all vulnerabilities on software components and dependencies.
The SBOM has emerged as the most crucial output for any business needing complete insight into its software supply chain to satisfy customer and vendor expectations, provide secure products, and comply with regulations. Best-in-class binary SCA (software composition analysis) from Finite State decomposes binaries (as opposed to source code) to provide corporate teams with continuous SBOM management tools to reduce AppSec risk.
Finite State's Next-Generation platform will have the following features:
-
End-to-end SBOM solution: An exhaustive solution for producing, collecting, visualizing, and distributing SBOMs in your supply chain.
-
Advanced guidance: Remediation guidance that combines and reconciles results across all scans ingested or created in order to provide context-aware suggestions.
-
Unified AppSec and Product Security Risk Management: The ability to ingest data from more than 120 scanners and feeds to integrate all of the tooling and information required to safeguard goods or systems within the context of the AppSec or Product Security environment.
-
World-class binary SCA: Improved SBOM capabilities for breaking down a product or asset into numerous components for a precise risk assessment.
-
Intuitive scoring system: A powerful scoring methodology that successfully expresses a product's or asset's risk levels via a simple numerical scale backed up by sophisticated risk prioritization.
-
Full VEX support: With an enhanced vulnerability intelligence correlation, import and export all VEX formats.
About Finite State
Founded in 2017, Finite State enables businesses to take control of product and application security for their connected devices and software supply chains. It acts as the single pane of glass for clients, giving constant visibility into software supply chain risk across the software supply chain lifecycle. Its platform, backed by a team of seasoned experts, provides customers with the automation to scale risk mitigation and 2B+ data points to deliver actionable SBOMs and insights, critical vulnerability data, and remediation guidance required to mitigate AppSec and product risk and protect the connected attack surface.