Fortress Information Security (Fortress) and CodeSecure today announced a partnership to offer new capabilities to map open-source software components and find and understand quality and security defects in third party or commercial software. CodeSecure, a leading provider of application security testing products, enables Fortress to expand its Software Bill of Materials (SBOM) security and remediation capabilities.
Fortress cybersecurity experts partner with public sector organizations and critical infrastructure stakeholders to fortify every link in the software supply chain. CodeSecure helps to identify open-source components and shared dependencies in software, containers, and mobile/desktop applications. In addition, CodeSecure conducts binary code analysis to detect security vulnerabilities in externally developed software components without access to source code.
"SBOMs are a critical tool for bolstering our national security and protecting critical infrastructure and defense assets from nation-state attacks," said Alex Santos, CEO of Fortress. "CodeSecure enables us to build additional security and remediation capabilities that help our customers maximize all the potential of their SBOM deployments."
The need for SBOM transparency is fundamental and critical. New research from Fortress found that software vulnerabilities can "lie in wait" for up to three years before being detected, and 90% of products used by U.S. electric utilities contained software code developed in Russia or China, which was three times more likely to have critical severity vulnerabilities.
CodeSecure will help Fortress continue to expand its SBOM database and provide relevant risk data to critical industries via the North American Energy Software Assurance Database (NAESAD).
"Open-source software is an attack surface often exploited by cyber attackers," said Andrew Meyer, Chief Marketing Officer of CodeSecure. "The partnership with Fortress will enable our customers to not only catalog all their software components but also detect and remediate vulnerabilities before they can be exploited."
The companies will discuss software supply chain security challenges and solutions during a webinar on January 10th at 11am ET!
About CodeSecure
CodeSecure is used by the world's most security-conscious organizations to detect, measure, analyze and resolve vulnerabilities in software they develop or use. CodeSecure products enable rapid DevSecOps deployments while also securing their software supply chains. CodeSecure has corporate headquarters in Bethesda, MD and publishes TalkSecure, an educational resource for product software developers. Visit us at https://www.codesecure.com and follow us on LinkedIn and X.
About Fortress Information Security
Fortress secures North America's power and defense supply chains from cyberattacks on operational and critical enterprise technologies. Fortress' proprietary technology platform orchestrates North America's most advanced cyber supply chain risk management and vulnerability management programs. Fortress operates the Asset to Vendor network, which gives critical operators confidence that the products and services they obtain from others are cyber-safe. Fortress is a Goldman Sachs Portfolio Company.
About NAESAD
North American Energy Software Assurance Database (NAESAD): An industry-wide collaborative database to create and share Software Bills of Materials (SBOM) in products used by utilities across North America. NAESAD is led by several investor-owned utilities (including AEP, Southern, Xcel, and NiSource) and managed by Fortress Information Security to create a comprehensive SBOM library for common vendors and suppliers.