Software Bill of Materials (SBOM). Four words you’ve most likely heard on repeat over the last few months. Why is this the case? Well, aside from the Executive Orders and Memorandums issued by the White House - which specifically call out the need for SBOMs in critical software - it appears the industry as a whole is starting to wake up to the very real problem(s) that come from a lack of visibility into our …

AUSTIN, Texas – October 18, 2022 – NetRise, the company solving the world's XIoT security problem, announced today it has been designated by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA). NetRise joins a list of partners, including 240+ organizations from 35 countries, to further expand the community-driven CVE Program. CNAs are organizations from around the world authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their …

Over the past 16 months the federal government has issued a number of directives to enhance the security of its computer systems and the data that resides on those systems. The Executive Order (EO) 14028 issued on May 12, 2021 required a number of initiatives to enhance the government’s cybersecurity posture including enhancing the security of the software supply chain. That Executive Order has been reinforced with the issuance of M-22-18 by the Office of …

A device, with respect to information technology, is any equipment or associated software ranging from programs, languages, or associated documentation that is designed for the purpose of utilizing information stored in a digital format. Devices in this context include but are not limited to computer systems, computer networks, and computer equipment used for input, output, processing, storage, organization, and display for any user’s intended purpose. In any 21st-century professional setting, devices are connected using the …

NetRise is proud to announce its completion of SOC 2 Type I (System and Organization Controls) compliance, less than two years from its inception. The SOC 2 Type I certification indicates that a verified third party has thoroughly reviewed NetRise's business and product elements (software, data, policies, procedures, people, operations, and more) and deemed them in compliance with SOC 2 Type I requirements. Being in the security industry, NetRise undoubtedly recognizes the importance of securing …

AUSTIN, Texas, August 8, 2022 -- NetRise, the company providing visibility into the world's XIoT security problem, announced today the release of the NetRise Platform, which is the industry’s first solution providing insights into shared vulnerabilities across XIoT firmware images in an organization. NetRise is a cloud-based SaaS platform that analyzes and continuously monitors the firmware of XIoT devices. The firmware images are then dissected, presenting all of the key data, artifacts, and risk in …

AUSTIN, Texas, Aug. 1, 2022 /PRNewswire/ -- NetRise, the company solving the world's XIoT (Extended Internet of Things) security problem, announced today the addition of Stuart McClure, Former CEO of Cylance, to the company's Board of Directors. "NetRise is one of the most innovative and promising early-stage cybersecurity companies I have had the pleasure of advising. Joining the Board of Directors gives me the opportunity to help set the strategic direction of the company along with its day to …

AUSTIN, July 26, 2022 /PRNewswire/ -- NetRise, the company providing visibility into the world's XIoT security problem, and Fortress Information Security, the nation's leading cybersecurity provider for critical infrastructure organizations with digitized assets, announced today a strategic partnership. This partnership gives Fortress Information Security's global customers access to the most advanced firmware binary analysis platform on the planet. The NetRise team's experience in data science, machine learning, and software reverse engineering dramatically expands Fortress customers' ability to identify and …

In a recent post we identified the problem of “zero-awareness” – businesses often don’t know what xIoT devices are attached to their network and what risks and vulnerabilities those devices have. Why this problem exists is a conundrum, both easy to explain and impossible to explain. The easy explanation is that xIoT devices typically run firmware and our traditional security tools deal with software, not firmware. The conundrum is that firmware is software, so why …

Risk management is a big part of running a business these days, especially in IT circles. Not only are threat actors always evolving and enhancing their attacks, but also the attack surface of organizations is constantly growing. The advent of IoT introduced literally millions if not billions of new devices for hackers to potentially exploit. Have you considered who really owns the risk associated with xIoT devices? Imagine it’s 2014 and your router was compromised …