Stop Chasing Noise: How Execution-Aware Reachability Prioritizes Real Software Risk

NetRise’s Supply Chain Visibility and Risk Study (Q4 2024) found that the average networking device contained 1,120 known Common Vulnerabilities and Exposures (CVEs). The analysis showed that prioritizing vulnerabilities known to be exploited or accessible over the network can help teams focus their efforts where risk is highest. NetRise’s new reachability enhancement builds on that approach by adding execution context, revealing which components actually run, and under what conditions.

That’s the core challenge: static software security scans report everything that’s present, without discerning what actually executes. Research shows that more than 85% of known CVEs are not exploitable because they aren’t triggered at runtime or under active user privileges.

Without knowing what components actually execute, security teams waste time chasing theoretical vulnerabilities that pose no practical risk. Traditional scanners report everything that’s present, but not what’s actually vulnerable.

NetRise’s latest platform enhancement changes this. Execution-aware reachability introduces runtime insight that distinguishes signal from noise: showing which vulnerabilities are in components that autorun at system startup, and under which user privilege levels affected components execute. 

From Theory to Context

Based on NetRise’s extensive analysis of compiled software across device fleets, one theme continues to emerge: the presence of vulnerabilities is not the same as exposure to risk. Code can be vulnerable and still harmless if it never executes. But without understanding whether the code executes, many security tools treat every flagged component as equally urgent.

NetRise changes that by mapping execution paths initiated during system startup, user login, and service invocation, and then correlating those paths to user privileges. Behind the scenes, the platform builds a multi-hop graph of invocation relationships—from autorun mechanisms to scripts and downstream components—capturing how execution flows in real environments. This contextual lens helps you filter noise and focus on vulnerabilities with a real attack surface.

Reachability in Practice

Here’s what execution-aware reachability brings into focus:

  • Insight into what actually executes at runtime or on a schedule
  • Visibility into which users and privilege levels initiate those processes
  • Evidence-based determinations of exploitability, with no need to run the software live
  • The ability to eliminate dormant component noise from the outset

With NetRise’s reachability enhancement, execution configuration data reveals which components autorun. Service user context correlates execution privileges with the users who trigger them. And by mapping invocation chains, from startup mechanisms through scripts to downstream components, NetRise expands visibility across operating systems.
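The invocation-chain mapping described above (autorun mechanism, through scripts, to downstream components, correlated with the executing user) can be sketched as a graph walk. This is an added illustration, not NetRise's code or algorithm; the paths, users, finding IDs and the rule that a launched component inherits the autorun's user are constructed assumptions.

```python
from collections import deque

# Constructed sample data (hypothetical paths, users and finding IDs).
AUTORUNS = [  # (mechanism, entry point, user it starts as)
    ("init script", "/etc/init.d/rcS", "root"),
    ("cron job", "/usr/bin/report.sh", "nobody"),
]
INVOKES = {  # caller -> components it launches
    "/etc/init.d/rcS": ["/usr/sbin/httpd", "/usr/bin/netcfg.sh"],
    "/usr/bin/netcfg.sh": ["/usr/sbin/dnsproxy"],
    "/usr/bin/report.sh": ["/usr/bin/curl"],
    "/usr/sbin/httpd": ["/usr/sbin/httpd"],  # self re-exec: a cycle
}
FINDINGS = [  # (finding id, affected component)
    ("FINDING-A", "/usr/sbin/dnsproxy"),
    ("FINDING-B", "/usr/bin/curl"),
    ("FINDING-C", "/usr/bin/tcpdump"),  # present on disk, never launched
]

def reachable_components(autoruns, invokes):
    """Map each executed component to {user: first chain found from an autorun}."""
    reached = {}
    for mechanism, entry, user in autoruns:
        queue = deque([(entry, [mechanism, entry])])
        while queue:
            node, chain = queue.popleft()
            by_user = reached.setdefault(node, {})
            if user in by_user:  # already visited as this user (handles cycles)
                continue
            # Assumption: a launched component inherits the autorun's user.
            by_user[user] = chain
            for child in invokes.get(node, []):
                queue.append((child, chain + [child]))
    return reached

def triage(findings, reached):
    """Label each finding reachable (with users and chain) or dormant."""
    rows = []
    for fid, component in findings:
        by_user = reached.get(component, {})
        users = sorted(by_user, key=lambda u: (u != "root", u))  # root first
        chain = by_user[users[0]] if users else []
        rows.append((fid, "reachable" if users else "dormant", users, chain))
    # Reachable as root first, then other reachable findings, then dormant.
    return sorted(rows, key=lambda r: (r[1] == "dormant", "root" not in r[2], r[0]))

if __name__ == "__main__":
    for row in triage(FINDINGS, reachable_components(AUTORUNS, INVOKES)):
        print(row)
```

A real implementation would also need to model privilege changes along the chain (setuid binaries, services that drop privileges), which this sketch deliberately leaves out.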

This approach shortens remediation cycles by eliminating dormant components (noise) upfront, helping teams act on vulnerabilities that are actually exploitable.

Other Platform Enhancements

NetRise also helps you remediate faster and maintain accurate Software Bill of Materials (SBOM) records.

Each CVE entry now includes the minimum fixed version, so your team doesn’t waste time tracking down patch guidance.

With this platform enhancement, you can also edit SBOMs and enrich them directly in-platform. If build tools discard licensing or component metadata, you can restore it. You can manually update entries to reflect what the software actually contains, helping ensure SBOM accuracy during regulatory reviews or vendor assessments.

Architecture Updates Supporting New Capabilities

Behind the scenes, the NetRise platform has been reengineered to support high-volume analysis and enable faster delivery of future enhancements. This foundation improves performance at scale and powers new capabilities like execution-aware reachability, designed to surface exploitable vulnerabilities based on how software behaves during startup or scheduled operations. 

The Numbers, Reconsidered

Return to that initial number of 1,120 CVEs per device. While the study focused on network accessibility as a key prioritization signal, NetRise's new reachability release adds another critical filter: whether the vulnerable component actually autoruns when the system starts up.

By combining these dimensions, the platform enables security teams to focus on vulnerabilities that are not just present and exposed, but are also known to have been exploited and sit in components that actually run. Beyond reducing the noise that surges as the number of findings grows, NetRise’s execution-aware reachability realigns how risk is measured and managed.

Security teams don’t need more alerts. They need a sharper lens on what matters most. That’s exactly what execution-aware reachability now delivers.

See NetRise in Action at Black Hat

📍 August 6–10 — Meet the NetRise team at Black Hat and DEF CON