The Pentagon's New Software Security Directive Calls for Deeper Supply Chain Validation
In a July 2025 memorandum, the Department of Defense (DoD) Chief Information Officer (CIO) was tasked with ensuring that all software, hardware, and cloud services the DoD develops or procures are secured against foreign influence, particularly from China and Russia. This includes validating that compiled software and firmware are free from undeclared components, malicious functionality, and supply chain tampering, threats that often go undetected without binary analysis.
Foreign-Controlled Software: Still a Hidden Attack Vector
Nation-state actors continue to target software supply chains, not just through direct attacks, but by attempting to influence the technologies used inside critical systems. The memo explicitly calls for the elimination or mitigation of adversarial influence across both hardware and software.
Salt Typhoon, a campaign covered in a recent NetRise webinar, demonstrated how malicious functionality can persist within device-level software, delivered through otherwise legitimate-looking updates. These kinds of threats aren’t always visible in source code or documentation. They’re often hidden deep in compiled binaries, where traditional certification processes offer little protection.
Existing Programs Leave Gaps Below the Surface
The DoD plans to strengthen several existing programs and processes, including:
- Cybersecurity Maturity Model Certification (CMMC)
- The Software Fast Track (SWFT) program
- Authority to Operate (ATO) processes
- The Federal Risk and Authorization Management Program (FedRAMP)
- The Secure Software Development Framework (SSDF)
These initiatives help standardize secure development and procurement. Although they promote transparency and secure procurement, often through SBOMs and application security testing, they don’t always reveal what actually executes.
These approaches mainly assess build-declared components. They overlook what’s added or altered during the build process, leaving critical blind spots, especially where malicious foreign-developed or deeply embedded components may evade detection.
Binary analysis fills that gap. By examining the final, compiled software, Binary Composition Analysis (BCA) verifies what's actually delivered, regardless of its origin, build process, or packaging. This capability is essential to fulfilling the intent of secure software mandates, especially for critical and sensitive systems.
Proving What Actually Executes
When software reaches the final stages of delivery, it has often passed through multiple suppliers, build systems, and component aggregators. Even when SBOMs are provided, they’re often incomplete, particularly those generated from source artifacts rather than final builds.
Binary Composition Analysis (BCA) helps you:
- Generate accurate and complete SBOMs directly from compiled code.
- Identify undeclared components.
- Detect tampering and suspicious additions at the binary level.
- Attribute provenance and supply chain integrity with evidence.
- Align with procurement and risk management requirements.
This approach transforms software trust from an assumption into something you can prove.
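As an added illustration of the reconciliation step this implies (example code written for this page, not NetRise's tooling or output), the script below compares a build-declared SBOM against a component inventory extracted from the delivered image and flags undeclared, tampered and missing components. Component names, "object code" blobs and the inventory layout are constructed stand-ins.

```python
"""Reconcile a build-declared SBOM with what was actually delivered.

All components, blobs and hashes below are constructed sample data; the
inventory format is hypothetical, not a real SBOM or BCA tool format.
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# What the build system recorded as inputs (constructed).
BUILD_INPUTS = {
    "zlib":      {"version": "1.2.13", "bytes": b"zlib-1.2.13-object-code"},
    "libcrypto": {"version": "3.0.9",  "bytes": b"libcrypto-3.0.9-object-code"},
}

# Build-declared SBOM: name -> version and hash of the declared input.
DECLARED_SBOM = {
    name: {"version": c["version"], "sha256": sha256(c["bytes"])}
    for name, c in BUILD_INPUTS.items()
}

# Inventory extracted from the delivered firmware image (constructed).
# libcrypto was altered after the build, and an undeclared component was added.
BINARY_INVENTORY = {
    "zlib":      {"version": "1.2.13", "sha256": sha256(b"zlib-1.2.13-object-code")},
    "libcrypto": {"version": "3.0.9",  "sha256": sha256(b"libcrypto-3.0.9-object-code-PATCHED")},
    "libupdate": {"version": "0.1",    "sha256": sha256(b"unlisted-update-agent")},
}


def reconcile(declared: dict, observed: dict) -> dict:
    """Classify every observed component against the declared SBOM.

    undeclared: present in the binary, absent from the SBOM
    tampered:   declared, but the delivered bytes differ from the declared hash
    verified:   declared and hash matches
    missing:    declared but not found in the delivered binary
    """
    findings = {"undeclared": [], "tampered": [], "verified": [], "missing": []}
    for name, comp in observed.items():
        decl = declared.get(name)
        if decl is None:
            findings["undeclared"].append(name)
        elif decl["sha256"] != comp["sha256"]:
            findings["tampered"].append(name)
        else:
            findings["verified"].append(name)
    findings["missing"] = sorted(set(declared) - set(observed))
    return findings


if __name__ == "__main__":
    for category, names in reconcile(DECLARED_SBOM, BINARY_INVENTORY).items():
        print(f"{category:10s} {names}")
```

Only the hash comparison catches the altered libcrypto; a version string alone would have matched, which is why a source-derived SBOM cannot verify what ships.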
What the Defense Industrial Base Should Expect
The memo directs the DoD CIO to issue follow-up implementation guidance within 15 days of the memo’s release. That guidance may include stronger inspection mandates, new binary validation workflows, or a higher bar for how vendors demonstrate software integrity.
While the memo doesn’t ban all foreign-developed software outright, it signals a growing concern around how adversaries could exploit gaps in the software supply chain. Detecting undeclared or tampered components is now a baseline expectation, not just a security best practice.
If you build or deliver software, hardware, or cloud services to the DoD, now is the time to prepare. Future contracts may depend on your ability to show what’s inside your software, and prove it’s safe to use.
NetRise Helps You Meet the Moment
NetRise delivers the deep visibility that traditional tools miss. Our platform inspects final software and firmware to generate binary-derived SBOMs, uncover tampering, and trace supply chain origin with precision.
Whether you build software or buy it, we help you understand what actually executes inside your systems, and give you the evidence to prove you’re meeting evolving DoD requirements.
Learn more about the NetRise platform today!