
NetRise’s New Execution-Aware Reachability

Our latest platform addition moves vulnerability analysis beyond traditional static detection with pseudo-runtime analysis—mapping which CVEs actually execute within your environment.

The Problem: Visibility Without Context

Traditional vulnerability management stops at enumeration. Scanners and SBOM tools can tell you what exists in your environment, but not what actually runs, or the privileges with which it runs. This blind spot means that millions of vulnerabilities appear critical on paper but either never execute in practice or live in components that do not run with the privileges an exploit would require.

At scale, the result is noise. Visibility alone floods teams with false positives, redundant CVEs, and theoretical risk. Without execution context, defenders spend time triaging issues that can never be exploited.

Execution-Aware Reachability

Execution-Aware Reachability adds a new layer of intelligence. By correlating known vulnerabilities with confirmed execution paths, NetRise distinguishes between code that merely exists and code that actively runs within live systems.

In other words: it transforms theoretical exposure into measurable operational risk.

How It Works

When NetRise analyzes firmware, containers, or binaries, it performs multi-phase analysis:

  1. Autorun Detection – Identify system entry points and other autorun/persistence mechanisms.
  2. Execution Path Reconstruction – Map execution across the files, modules, and code within the asset's filesystem.
  3. Vulnerability Correlation – Cross-reference reachable code with CVE and vulnerability information.
  4. Prioritization and Presentation – Flag reachable vulnerabilities and provide contextual evidence showing how they are reachable.
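To make the four phases concrete, here is an added example (not NetRise's code or data format) that runs them over a constructed toy firmware model: autorun scripts are the entry points, an execution graph records which files each file launches or loads, and a component-to-CVE map uses placeholder identifiers. A CVE counts as reachable only if a chain from an entry point leads to its component, and that chain is kept as the evidence.

```python
from collections import deque

# Constructed toy asset model (placeholder paths, not NetRise's data format):
# autorun entry points and which files each file pulls in when it executes.
ENTRY_POINTS = {"/etc/init.d/S50httpd", "/etc/init.d/S99telnetd"}
EXEC_GRAPH = {
    "/etc/init.d/S50httpd": ["/usr/sbin/httpd"],
    "/etc/init.d/S99telnetd": ["/usr/sbin/telnetd"],
    "/usr/sbin/httpd": ["/lib/libssl.so.1.1", "/lib/libc.so.6"],
    "/usr/sbin/telnetd": ["/lib/libc.so.6"],
    "/usr/bin/ftpd": ["/lib/libc.so.6"],  # on disk, but nothing ever starts it
    "/lib/libssl.so.1.1": ["/lib/libcrypto.so.1.1"],
}
# Constructed component -> CVE map with placeholder identifiers (not real CVEs).
COMPONENT_CVES = {
    "/lib/libssl.so.1.1": ["CVE-XXXX-0001"],
    "/lib/libcrypto.so.1.1": ["CVE-XXXX-0002"],
    "/usr/bin/ftpd": ["CVE-XXXX-0003"],
    "/usr/sbin/telnetd": ["CVE-XXXX-0004"],
}

def reconstruct_paths(graph, entry_points):
    """Phase 2: breadth-first walk from every autorun entry point.
    Returns {file: [entry_point, ..., file]}, the evidence chain for each file."""
    paths = {ep: [ep] for ep in sorted(entry_points)}
    queue = deque(sorted(entry_points))
    while queue:
        node = queue.popleft()
        for child in graph.get(node, []):
            if child not in paths:  # first discovered chain is kept as evidence
                paths[child] = paths[node] + [child]
                queue.append(child)
    return paths

def correlate(paths, component_cves):
    """Phases 3-4: split CVEs into reachable (with evidence) and unreachable."""
    reachable, unreachable = {}, set()
    for component, cves in component_cves.items():
        for cve in cves:
            if component in paths:
                reachable[cve] = " -> ".join(paths[component])
            else:
                unreachable.add(cve)
    return reachable, unreachable

def triage(graph=EXEC_GRAPH, entry_points=ENTRY_POINTS, cves=COMPONENT_CVES):
    """Run all phases; returns (reachable {cve: evidence chain}, unreachable {cve})."""
    return correlate(reconstruct_paths(graph, entry_points), cves)
```

Calling `triage()` on the toy model reports three reachable CVEs with their entry-point chains and leaves the ftpd finding unreachable, because the binary is present on disk but no autorun path ever launches it.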

Quantifiable Impact

Since deployment, Execution-Aware Reachability has processed millions of vulnerabilities across production environments. The results speak for themselves:

  Metric                   Count       Percent Reduction (vs. initial)
  Initial CVEs             5,100,000   -
  Post-Auto Remediation    3,255,000   36.2%
  Reachable CVEs           36,000      99.29%

In one example, 30% of CVEs were confirmed as reachable within a specific asset – highlighting real exposure while eliminating 70% of noise.

Layered Prioritization in Action

Execution-Aware Reachability integrates directly with NetRise’s Kernel Vulnerability Auto-Remediation engine. The workflow looks like this:

  1. Visibility: Collect full software and firmware composition.
  2. Noise Reduction: Auto-remove false positives and redundant kernel CVEs.
  3. Execution Correlation: Confirm which vulnerabilities exist in active code and service paths.
  4. Action: Prioritize the 1% that matters.

In recent uploads of 40 new assets, NetRise identified 125,575 CVEs. Auto-remediation removed 48,445 non-actionable kernel findings. Of the remainder, only 1.1% (833) were proven reachable.


Why It Matters

Attackers don’t exploit what’s installed — they exploit what runs. Execution-Aware Reachability gives defenders that same clarity, surfacing vulnerabilities in active execution paths and helping teams focus their resources where it counts.

Visibility without prioritization leads to fatigue. Prioritization without visibility creates blind spots. By combining the two, NetRise enables defenders to transition from reactive patching to proactive, evidence-based remediation.

The NetRise Perspective

At NetRise, our mission is to illuminate invisible risk within device software and firmware. Execution-Aware Reachability advances that mission by revealing which components and vulnerabilities actually execute.

Every connected device runs on complex layers of code — but only a fraction of that code ever runs. By focusing on the subset that executes, defenders gain:

  • Evidence-based prioritization of vulnerabilities
  • Quantifiable noise reduction (90%+)
  • Demonstrable due diligence for compliance and audit

Coming Next

Next in our Cybersecurity Awareness Month series, we’ll turn to the 2025 draft of the Software Bill of Materials (SBOM) Minimum Elements, and explore how evolving standards are shaping transparency, automation, and the next generation of software assurance.