Products
netrise-platform-icon
NetRise Platform
Analyze compiled code to create accurate SBOMs and uncover risk within the software that actually runs on your devices and throughout your enterprise.
ZeroLens-icon
NetRise ZeroLens
Identify weaknesses in compiled software before bad actors find and exploit them.
integration-menu-img
Integrations
NetRise integrates seamlessly into your workflow. Explore our ecosystem to secure your software supply chain.
Solutions
Solutions

Explore our comprehensive solutions designed to meet diverse industry needs and use cases, ensuring security, compliance, and maximum efficiency.

Featured Article
d654602309a74ff97e7cda24e838b73f
The Limitations of Traditional Network-Based Vulnerability Scanning – And the Systematic Underestimation of
Software Risks
Use Cases
ph_seal-check-light
Compliance Adherence
Ensure compliance with global standards.
ph_chart-scatter-light
Continuous Monitoring
Real-time insights and alerts.
ph_warning-light
Holistic Risk Visibility
Achieve full visibility on vulnerabilities.
ph_list-checks-light
Inventory & Querying
Track and manage software assets.
ph_currency-circle-dollar-light
Return on Investment
Maximize risk-adjusted returns.
ph_hand-coins-light-1
SBOM Management
Maintain comprehensive software bills.
By Industry
ph_user-rectangle-light
Consulting Firms
Solutions for consultancy needs.
ph_barbell
Device Manufacturers
Compliance and security across devices.
ph_building-office-light
Enterprise Corporations
Security for large-scale environments.
ph_bank-light
Government Organizations
Reliable public sector solutions.
ph_ambulance-light
Healthcare
Secure and compliant healthcare data.
ph_lightning-light
Power & Utilities
Manage risk in critical infrastructure.
Resources
Resources

Explore our comprehensive solutions designed to meet diverse industry needs and use cases, ensuring security, compliance, and maximum efficiency.

Latest Resources
SCVis-report
Supply Chain Visibility &
Risk Study
Resource Library
ph_notepad-light
Blog
Stay informed with our last articles.
ph_newspaper-light
Whitepapers & Briefs
In-depth insights on industry standards.
ph_microphone-light
Webinars & Podcasts
Check our last webinars & podcasts
glossary-icon
Glossary
Master supply chain security terms.
News & Updates
ph_megaphone-light
Annoucements
Latest product and company updates.
ph_newspaper-clipping-light
In the News
View media coverage and news highlights featuring NetRise.
ph_calendar-star-light
Events
Upcoming industry conferences.
ph_medal-light
Awards
Industry recognitions and achievements.
Company
Company
about
About us
Learn more about our mission to enhance cybersecurity across industries.
careers
Careers
Explore exciting career opportunities to shape the future of secure technology.
security
Security
Discover our cutting-edge solutions to protect your digital infrastructure.
Schedule a Demo
Schedule a Demo
Supply Chain Risk Management (SCRM) Jul 14, 2025 4min read

How Omdia Sees the Firmware and Software Supply Chain Security Landscape in 2025

As regulations around connected devices tighten and threat actors evolve, organizations are being pushed to rethink how they approach software and firmware risk. The 2025 Omdia Market Radar: Firmware and Software Supply Chain Security report offers a clear view into what matters now—and what’s coming next.

This report goes beyond surface-level vendor comparisons. Omdia explores what defines leadership in this space, why device-level visibility matters, and how innovation in Software Bill of Materials (SBOM) management, vulnerability triage, and binary analysis is shaping security outcomes. If you’re responsible for software risk in your organization, this analysis is worth your attention.

Firmware Security Moves to the Forefront

Omdia’s report highlights a shift: firmware security, once considered a niche concern, is now a critical part of software supply chain security (SSCS). The reason is simple—code within devices isn’t just another layer. It's foundational to how connected systems behave, and it often contains hidden risks that go undetected in traditional scanning workflows that focus on source code analysis.

Many organizations, especially those in healthcare, transportation, and critical infrastructure, can’t access the source code powering the operational systems and devices they purchase. That makes binary analysis a prerequisite for understanding risk. According to Omdia, this is why leading vendors in the space are focused on analyzing compiled artifacts, the code that actually executes.

The SBOM Landscape Has Matured

SBOMs are no longer a nice-to-have, or even just a compliance checkbox. Omdia notes a sharp transition from simple SBOM generation to robust SBOM management. That includes:

  • Organizing SBOMs as living assets
  • Comparing and merging SBOM data across builds
  • Analyzing SBOMs for known vulnerabilities, cryptographic risk, or exposure to third-party AI models
  • Automating compliance reporting using formats like VEX (Vulnerability Exploitability eXchange)

Regulatory momentum plays a role here. U.S. Executive Order 14028 mandates SBOM use for suppliers to the federal government. Similar mandates are emerging globally, including the EU Cyber Resilience Act (EU CRA) and DORA in Europe, Singapore’s Cybersecurity Labelling Scheme (CLS) Japan’s Cyber/Physical Security Framework (CPSF), and China’s MLPS 2.0 framework. While the regulations are region specific, they apply to vendors who sell into those regions, making them critical to U.S. companies operating globally. Beyond compliance, SBOMs are becoming a primary data source for software risk decisions. Omdia also expects the rise of CBOMs (cryptographic bills of materials) and AIBOMs (AI bills of materials) to further expand the scope of supply chain visibility.

NetRise Earns Recognition for Innovation and Technical Depth

In its vendor assessment, Omdia highlighted which vendors are pushing the boundaries of software supply chain innovation—and where technical leadership is emerging. NetRise received the highest designations—”Advanced,” meaning “Very Strong,” in:

  • SBOM generation and management
  • Vulnerability management and triage
  • Innovation and strategy

Omdia specifically called out NetRise’s innovation around AI-assisted search, operational SBOM use, and binary-first analysis—technical differentiators that help teams move from visibility to action. By focusing on compiled code rather than just source code, NetRise enables both device manufacturers and security analysts to assess the risk of what actually executes, even when the original code isn't available.

The platform also supports risk scoring, VEX generation, and context-rich prioritization, helping you avoid alert fatigue while focusing on what matters most.

Binary vs. Source Code Analysis: Why Both Matter

According to Omdia, most SSCS vendors fall into one of two technical camps:

  • Source Code Analysis (SCA): This approach inspects code early in development. It’s useful for internal teams but has limited reach when working with third-party software or proprietary components.
  • Binary Analysis: This examines compiled code, which makes it especially useful for asset owners, third-party risk teams, and any situation where you don’t control the original source.

Some vendors now support both approaches, and Omdia expects this trend to continue. For example, your development team might use SCA tools internally, while your security operations team needs binary visibility into commercial off-the-shelf software or firmware in the field.

NetRise's strength lies in its binary-first methodology. You can analyze compiled firmware, create accurate SBOMs, and uncover vulnerabilities that never surface in source code scans. This complements—not competes with—your existing tools.

What’s Coming Next: Proactive, Lifecycle-Aware Security

Omdia calls attention to a growing need for SBOM enrichment, not just generation. That includes integrating with CI/CD pipelines, surfacing CWEs (Common Weakness Enumerations) early, and helping teams prioritize risks in context. The report notes that vendors must evolve beyond simple detection and toward automation, triage, and lifecycle integration.

NetRise’s roadmap reflects this shift. Omdia highlights the following technical focus areas:

  • Expanding support for compiled artifact analysis across more device types
  • Automating triage workflows and risk scoring
  • Adding runtime analysis via agent-based scanning for cloud and endpoint environments
  • Supporting developers with SBOM comparison and merge features
  • Detecting zero-days through reachability and contextual weakness analysis

These capabilities support what Omdia sees as the future of SSCS: real-time insight into the software that actually executes, paired with automation to guide remediation and compliance.

Why This Matters for You

Whether you're building connected medical devices or managing risk across an industrial control network, you need more than static inventory. You need visibility into the compiled software and firmware your organization relies on. More importantly, you need that visibility to drive action, not overwhelm your team with noise.

Omdia’s 2025 analysis provides a clear signal in a noisy market. It identifies the capabilities that matter most, context-aware SBOM management, binary inspection, automation, and strategic innovation, and points to the vendors advancing the state of the art.

If you're reassessing how you approach software supply chain security, this is a report worth a close read.

Stay up to date with the news

Sign Up To Get Our Free Insights Delivered To Your Inbox