Partnership Focused on Meeting Software Bill of Materials Regulatory Requirements; Remediating Risk Through SBOM Transparency
Fortress Information Security (Fortress) and NetRise today partnered to offer a new, innovative Software Bill of Materials (SBOM) transparency solution to secure software supply chains and meet evolving regulatory requirements for software transparency.
Fortress’ cybersecurity experts partner with public sector organizations and critical infrastructure stakeholders to fortify every link in the software supply chain. NetRise and Fortress provide a comprehensive view of software components for products that manage critical infrastructure facilities. The SBOM data from NetRise combined with Fortress’ analysis and data will be available to users of the North American Energy Software Assurance Database (NAESAD) via the Fortress Platform.
The need for SBOM transparency is fundamental and critical. New research from Fortress found that software vulnerabilities can “lie in wait” for up to three years before being detected, and that 90% of products used by U.S. electric companies contained software code that was developed in Russia or China, which is three times more likely to have cyber vulnerabilities.
“Our two companies provide organizations drowning in data with the insight they need to mitigate their most critical vulnerabilities,” said Fortress CEO and co-founder Alex Santos. “With our combined tools and expertise, organizations can build SBOMs that position organizations to identify and mitigate threats proactively and respond quickly and resiliently to attacks.”
NetRise specializes in firmware and binary analysis. Firmware can be like a black box, but NetRise is unique in its ability to give users an inside view of products that are hard to examine. Fortress provides comprehensive Operational Technology (OT) supply chain cyber risk management software that secures companies’ critical data. Combining NetRise’s firmware capabilities with the Fortress Platform and its ability to analyze applications, libraries, and operating systems puts Fortress at the leading edge of SBOMs for firmware, and NAESAD users will get a comprehensive view of the risk arising from their software products.
“Working with Fortress, we offer users best-in-class SBOMs that provide a complete picture of the software that so many companies rely on,” said NetRise CEO and co-founder Thomas Pace. “We’ve joined forces to give customers insight into all the vulnerabilities in their software security supply chains. And, most importantly, a means of fixing those issues.”
Leaders from the two companies will discuss this new partnership during a webinar this Thursday, September 21, at 12 noon ET.
The Time is Coming for Everyone to Have an SBOM Program
Over the past several years, incidents like the SolarWinds attack and the Log4J vulnerability disclosure have highlighted the need to identify and assess every software component used within critical industries. SBOMs provide the recipe of proprietary and open-source ingredients in software that run critical infrastructure technologies and enable companies to identify, triage, and remediate the most impactful and destructive risks.
An Executive Order from The White House this year and formal remarks from the Cybersecurity and Infrastructure Security Agency (CISA) have singled out SBOMs as a critical tool to secure software. In the future, critical infrastructure companies will require an SBOM for software products they purchase.
“The need for increased SBOM usage is critical,” said Santos. “For security, compliance, and business reasons, we can’t kick the can down the road on SBOM adoption any longer. Software-based attacks are the greatest threat to the security of critical infrastructure and the citizens who rely on it. This partnership with NetRise fortifies our comprehensive and conclusive approach to software supply chain security.”
Based in Austin, Texas, NetRise was built by defensive cyber experts with backgrounds across the private sector, intelligence community, and U.S. federal government to solve the firmware security problem. The company partners with companies across manufacturing, automotive, medical devices, industrial control systems, satellites, and many more. https://www.netrise.io/
Fortress Information Security provides leading-edge cybersecurity solutions to defend organizations across the U.S. government / DoD, and the energy & utilities sectors from nation-state threats. With proven expertise in third-party risk management, vulnerability management, and supply chain security, Fortress helps leaders protect the critical infrastructure, systems, and people that drive our economy and defend our nation. Fortress operates America’s first and only multi-layer vendor exchange database that brings vendors and critical infrastructure businesses together to share risk data and deliver the tools to assess, prioritize, and mitigate risk across critical shared assets. Fortress is a Goldman Sachs company.
North American Energy Software Assurance Database (NAESAD): An industry-wide collaborative database to create and share Software Bills of Materials (SBOM) in products used by utilities across North America. NAESAD is led by several investor-owned utilities (including AEP, Southern, Xcel and Nisource) and managed by Fortress Information Security to create a comprehensive SBOM library for common vendors and suppliers.