CIO Influence
Analytics CIO Influence News IT and DevOps Security

GrammaTech Introduces Software Supply Chain Security Platform

GrammaTech Static Application Security Testing (SAST) Platform Extends DevSecOps to Embedded Software Development
CodeSentry Uses Binary Analysis to Create Software Bill of Materials, Detect Zero-Day and N-Day Vulnerabilities and Provide Risk Scoring for Third Party Software Applications

GrammaTech, a leading provider of application security testing products and software research services, announced the latest version of CodeSentry which reduces software supply chain security risks like those exploited in recent attacks on downstream users of SolarWinds, CodeCov and other applications. CodeSentry quickly analyzes purchased or commercial off the shelf software to identify application components, generate a software bill of materials (SBOM), and detect zero-day and N-day vulnerabilities.

Recommended ITech News: MPX Dev, Cutting-Edge Software Development That Will Change IT Development

.@GrammaTech Introduces Software Supply Chain Security Platform. CodeSentry Uses Binary Analysis to Create Software Bill of Materials, Detect Zero-Day and N-Day Vulnerabilities and Provide Risk Scoring for Third Party Software Applications

“Most organizations go to great lengths to ensure the safety and security of their physical supply chains yet do very little to assess the integrity of the code used to run their business. Recent incidents like the SolarWinds attack have shined a light on software risk and its consequences,” said Mike Dager, CEO of GrammaTech. “CodeSentry enables organizations to discover what components are in the software they are building or using, detect the presence of potential vulnerabilities and mitigate risk. CodeSentry also automates compliance with the SBOM requirement detailed in the recent Executive Order on Cybersecurity.”

Recommended ITech News: Demand for Cloud Data Migration Fuels Flexify.IO Expansion to 20 Supported Public Clouds and Cloud Storage Environments

CodeSentry Binary Analysis

Organizations have traditionally trusted software vendors to manage security risk associated with the applications they purchase. But the increasing frequency of software supply chain attacks is forcing enterprises to proactively assess and verify third party software for vulnerabilities that expose them to threats. Since source code is rarely available for purchased applications, binary analysis is the only alternative for extracting a SBOM to detect underlying risks in commercial software products. Derived from research conducted for defense and intelligence agencies, CodeSentry provides the following capabilities and benefits:

  • Creates Comprehensive SBOM – binary scanning identifies open source and third-party components and provides a security score, component match details, version information, location, and detailed vulnerability information including CVSS scores
  • Zero- and N-Day vulnerability detection – detects unknown (zero-day) and known (n-day) vulnerabilities in identified open source and third-party components
  • Executive Dashboard – provides a software application risk score based on detected vulnerabilities, CVSS and key performance indicators (KPIs)
  • Advanced reporting – for compliance and risk governance audits
  • Multiple SBOM formats – including industry standard CycloneDX
  • Flexible deployment – native SaaS application with optional on-premises deployment

“The increasing reliance by application developers on open source and third party components is a big reason why the software supply chain is vulnerable to being exploited by attackers,” said Chris Rommel, Executive Vice President for VDC Research. “Consequently, both application providers and end-user organizations need visibility into the code bases they sell and use so they can continually prove software integrity and proactively detect and mitigate vulnerabilities.”

Recommended ITech News: Default Cloud Security TDefault Cloud Security Tools May Not Protect Data Enoughools May Not Protect Data Enough

Related posts

IANS Research Launches New Service to Simplify Compliance for CISOs and Privacy Teams

PR Newswire

Crate.io Expands CrateDB Cloud with the Launch of CrateDB Edge

CIO Influence News Desk

Singapore To Leverage The Global Cyber Alliance’s IoT Threat Analytics Platform

Leave a Comment