In section Releases

NetRise Taps Federal Integrators to Audit Software Supply Chain Security

Federal agencies struggling to move beyond static compliance checklists now have a new path to visibility: NetRise is launching a partner-led managed service designed to verify software through binary analysis, aiming to bridge the gap between aspirational security policies and the reality of deployed code across government networks.

NetRise Taps Federal Integrators to Audit Software Supply Chain Security

The Austin-based firm is partnering with Asc3nd Technologies Group to deploy its software supply chain risk management platform. Instead of relying solely on vendor-provided attestations, the service utilizes independent binary analysis to inspect compiled artifacts across firmware, operating systems, and containers. This approach seeks to provide a granular inventory of what is actually running in production environments, rather than what is documented on paper.

This shift arrives as federal agencies face mounting pressure from recent directives, including CISA Binding Operational Directive 26-04, which mandates risk-based prioritization for remediation. NetRise’s platform incorporates 'Provenance' intelligence to map components to their original maintainers and geographic regions, helping agencies assess the potential blast radius of compromised dependencies. The move also targets requirements set by recent executive orders regarding artificial intelligence and post-quantum cryptography, where identifying specific embedded cryptographic algorithms is becoming a critical compliance hurdle.

Thomas Pace, CEO of NetRise, argues that relying on questionnaires or isolated tools is no longer sufficient against modern threat actors. By integrating binary-derived evidence, the company aims to help agencies transition from simple compliance reporting to active, scalable risk management. The partnership with Asc3nd Technologies Group is designed to fold these capabilities into existing federal workflows, including continuous monitoring and incident response, ensuring that security teams can identify vulnerabilities that traditional source-based tools often miss.

Share:on TelegramXFacebook

Subscribe to our newsletter

Once a week — the best stories from our editors, no ads or push notifications. Delivered Sunday morning.

Comments (0)

Leave a comment

No comments yet. Be the first!