Friday, May 24, 2024

Spectra Assure: ReversingLabs Tackles Software Supply Chain Security

Industry’s First AI-Driven Complex Binary Analysis Detects Malware and Malicious Code Before Software Is Shipped or Deployed – Without The Need For Source Code

ReversingLabs (RL), the trusted authority in software and file security, announced the release of Spectra Assure, a best-in-class software supply chain security solution powered by the industry’s first AI-driven complex binary analysis to uncover material risk. Spectra Assure provides unparalleled protection against software supply chain attacks for software producers and the necessary critical risk analysis for enterprise software buyers.

“Spectra Assure answers the fundamental question for those shipping or deploying software: How do you know when your software has been compromised or tampered with? How do you know when your software is malware?” said Mario Vuksan, CEO and Co-founder, RL. “Spectra Assure fills the gap left by the limitations of traditional application security testing solutions so organizations can quickly identify malware or malicious code across proprietary, commercial and open-source software, as well as all elements or artifacts in your software.”

The Rise In Software Supply Chain Attacks

“Software supply chain attacks have seen triple-digit increases, but few organizations have taken steps to evaluate the risks of these complex attacks,” according to the recent Gartner® report Mitigate Enterprise Software Supply Chain Security Risks. “The lack of transparency and trust within the global software supply chain has emerged as a critical issue for organizations of all kinds.”

RL also spotlighted this increase in its recent State of the Software Supply Chain Security 2024 report, revealing that software supply chain threats on open-source alone have increased 1,300% over the last three years. RL also reported a 400% increase in malicious packages on the Python Package Index (PyPI) in 2023.

Spectra Assure Closes The Hole In The Software Supply Chain

Traditional application security testing solutions like SAST, SCA, or DAST are limited as they may only focus on open-source software, are not designed to identify malware or malicious components, and cannot analyze the entire software package. Organizations using only these tools risk having a blind spot or hole in the software supply chain, impacting both software producers and their business consumers.

Leveraging AI-driven complex binary analysis, Spectra Assure provides a comprehensive build exam that accurately identifies malware and tampering before release or deployment. It analyzes the entire software package, including first, second, and third-party components for threat detection. Spectra Assure is the only solution capable of handling large and complex software packages that are gigabytes in size, deconstructing and reporting on issues in as little as minutes or hours.

Spectra Assure Addresses Three Critical Challenges

The increase in software supply chain attacks impacts businesses in three critical areas, which Spectra Assure addresses head-on:

  • Critical Asset Protection. Help application security teams secure builds before their final release and vendor risk managers ensure software is safe to deploy.
  • Financial Impact. Reduce or eliminate financial losses.
  • Breach of Duty. Address the growing regulatory and compliance needs for corporations and their CISOs.

“Built on the world’s largest threat repository containing over 40 billion pieces of malware, goodware, and attack intelligence, Spectra Assure enables software producers and their enterprise buyers to identify compliance issues, exposures, and threats like malware, tampering, vulnerabilities, mitigation guidance, exposed secrets, and license issues – all without the need for source code,” said Tomislav Peričin, Chief Software Architect and Co-Founder, RL. “Our complex binary analysis delivers a comprehensive risk assessment report that lets you identify, assess, and resolve critical issues, delivering the trust and assurance you need before you ship or deploy your software.”

Delivering Critical Capabilities

Spectra Assure delivers the following critical capabilities to address the need for modern, comprehensive software supply chain security.

  • AI-Driven Complex Binary Analysis
  • Malware and Threat Detection
  • Tampering Identification
  • Software Integrity Validation
  • Secrets Detection
  • Vulnerability Prioritization
  • Hardening and Mitigation Guidance
  • Comprehensive Software Bill of Materials (SBOM)
