Finite State Launches Next-Gen Platform for Software Supply Chain Security

On February 13, 2023, Finite State, a pioneer in enterprise software supply chain risk management, announced its next-generation platform, which includes extended SBOM management and the capacity to ingest and aggregate 120+ external data sources. The new platform gives Application and Product Security teams a consolidated, prioritized view of risk and unmatched visibility across the software supply chain lifecycle, so they can grow their operations using continuous, next-generation risk management.

With the release of the next-gen platform, Finite State users will be able to continually and confidently decrease risk across 'any-party' firmware, software, or applications via a single lens. With the platform already featuring over 2 billion analytical data points, Product Security and AppSec teams will be able to use external tooling and feeds to create the most extensive SBOM (Software Bill of Materials) in the industry, outlining all vulnerabilities in software components and dependencies.

The SBOM has emerged as the most crucial output for any business needing complete insight into its software supply chain to satisfy customer and vendor expectations, provide secure products, and comply with regulations. Best-in-class binary SCA (software composition analysis) from Finite State decomposes binaries (as opposed to source code) to provide corporate teams with continuous SBOM management tools to reduce AppSec risk.

Finite State's Next-Generation platform will have the following features:

  • End-to-end SBOM solution: An exhaustive solution for producing, collecting, visualizing, and distributing SBOMs in your supply chain.
  • Advanced guidance: Remediation guidance that combines and reconciles results across all scans ingested or created in order to provide context-aware suggestions.
  • Unified AppSec and Product Security Risk Management: The ability to ingest data from more than 120 scanners and feeds to integrate all of the tooling and information required to safeguard goods or systems within the context of the AppSec or Product Security environment.
  • World-class binary SCA: Improved SBOM capabilities for breaking down a product or asset into numerous components for a precise risk assessment.
  • Intuitive scoring system: A powerful scoring methodology that successfully expresses a product's or asset's risk levels via a simple numerical scale backed up by sophisticated risk prioritization.
  • Full VEX support: Import and export of all VEX formats, with enhanced vulnerability intelligence correlation.

About Finite State

Founded in 2017, Finite State enables businesses to take control of product and application security for their connected devices and software supply chains. It acts as the single pane of glass for clients, giving constant visibility into software supply chain risk across the software supply chain lifecycle. Its platform, backed by a team of seasoned experts, provides customers with the automation to scale risk mitigation and 2B+ data points to deliver actionable SBOMs and insights, critical vulnerability data, and remediation guidance required to mitigate AppSec and product risk and protect the connected attack surface.
