
Manifest and NetRise Partner to Deliver End-to-End Software Supply Chain Visibility From Source Code to Firmware

Written by NetRise | Nov 12, 2025 11:00:01 AM
WASHINGTON, D.C. – Nov. 12, 2025 - Manifest, the leading platform for software and AI supply chain security, today announced a strategic partnership with NetRise to deliver the industry’s first unified view of software and firmware risk from what developers build to what organizations buy, all the way down to the firmware that actually runs on their devices.

While many organizations have begun to implement software supply chain programs, often leveraging tools for source code analysis, container scanning, and software bill of materials (SBOM) generation, one layer has remained stubbornly out of reach: firmware, the compiled, vendor-supplied code running beneath the operating system on critical devices and equipment. This gap leaves security teams, especially for cyber-physical products, with an incomplete picture of their exposure, even as attacks increasingly target the device layer.

Fortune 500 companies, critical infrastructure and government agencies use the Manifest Platform to secure the entire AI and software supply chain, so teams can build and buy secure, trusted software without losing velocity. With Manifest, organizations maintain a complete inventory of software components and AI models (including licensing), can proactively identify and assess risks, and ensure continuous compliance through automated remediation workflows. The platform automates open source software and AI supply chain risk assessments, and continuously quantifies and monitors third-party software risk.

To extend this full-spectrum visibility to the device layer, Manifest sought a partner with true, native firmware expertise. That search led to NetRise, whose unique capabilities were purpose-built from the firmware layer up. The NetRise platform analyzes binary, compiled code that resides in firmware, real-time operating systems, and other software. NetRise creates accurate and comprehensive SBOMs that uncover hidden risks and prioritize remediation, with a focus on findings that are accessible via the network and that auto-run at system startup.

 

Delivering End-to-End Supply Chain Transparency


The integration allows Manifest customers to automatically generate and analyze SBOMs for firmware and embedded systems directly within the Manifest Platform, providing visibility that was previously impossible without access to source code. Organizations can now:

  • Gain actionable insight into software components running on devices.
  • Perform deeper, more accurate risk assessments across the entire technology stack.
  • Strengthen compliance with emerging SBOM and firmware transparency requirements.
  • Close a critical security gap.

With NetRise’s firmware intelligence embedded in the Manifest Platform, customers can uncover vulnerabilities, misconfigurations, hard-coded secrets, easily cracked public/private key pairs, and outdated components hidden within device firmware. This ensures that even legacy or vendor-supplied systems are included in their risk posture. This is especially key for sectors dependent on legacy technology, such as healthcare providers operating decade-old MRI machines. Through the partnership and integration between Manifest and NetRise, these users can now assess the underlying software supply chain of those devices to ensure patient safety and compliance.

Robbie Robbins, vice president of partnerships, NetRise, said: “NetRise was built to end blind trust in software forever, and to allow both product security and third-party risk management teams to confidently answer the question, ‘Am I exposed?’ when incidents inevitably occur. Our strategic partnership with Manifest enables thought-leading agencies and enterprises to move from reactive risk management to proactive, full-stack transparency.”

Daniel Bardenstein, CEO, Manifest, said: “For years, organizations have been able to analyze the code they write and the containers they deploy, but not the firmware embedded on their devices. By incorporating NetRise’s compiled code and firmware analysis capabilities, we’re giving our customers the ability to see deeper into their supply chain than ever before. This bridges the gap between source code and container-based analysis that Manifest delivers today and the deployed reality of their systems, and it’s just the beginning of what we’ll enable together.”

About Manifest

Manifest is the leading platform securing the entire AI and software supply chain—from source code to models to third-party software. We empower product security and third-party risk teams to operate critical systems and applications with confidence by detecting and managing hidden software supply chain and AI risks at scale. The Manifest Platform provides end-to-end visibility and control across Product Security, AI Risk, and Supplier Risk, helping teams build secure, trusted software without losing velocity. Manifest is trusted across defense, healthcare, automotive, and other regulated industries to enhance product & AI security, third-party risk, and compliance. Learn more at www.manifestcyber.com

About NetRise

Based in Austin, Texas, NetRise protects organizations from cybersecurity risk with a revolutionary approach to software supply chain security. By analyzing compiled code rather than source code, its category-redefining platform creates a software asset inventory that identifies risk within the software actually installed on the systems critical to enterprise infrastructure. With NetRise, software producers and device manufacturers alike build a more accurate view of the software composition of their products. Likewise, cybersecurity professionals within the enterprise and federal government can quickly identify vulnerabilities and other software supply chain risks in the assets that run their organization. NetRise provides both groups with the means to respond quickly to threats identified by the NetRise platform. When unforeseen software vulnerabilities are exploited by bad actors, NetRise enables rapid identification, prioritization, mitigation, and policy updates, reducing material risk to the business. https://www.netrise.io

 

Manifest Media Contact

Shannon Van Every
Force4 Technology Communications
Shannon@force4.co

NetRise Media Contact

Michelle Kearney
Hi-TouchPR 
Kearney@Hi-TouchPR.com