Protecode Supply Chain

Protecode Supply Chain is a comprehensive Software Composition Analysis solution to mitigate risks in complex software supply chains. Organizations can use it to gain visibility into the composition of purchased software, make better buying decisions, and manage the ongoing risk of operating complex systems and software.

As organizations grow, so does the software they buy or need to manage. They consume various systems and software from numerous suppliers to build, operate and maintain their critical business infrastructure. Organizations increasingly depend on a complex software supply chain for third-party software components. Most of the software is acquired from a complex supply chain of vendors, open source repositories, and contractors whose credentials are not known. Some of the challenges this brings are:

  • Software as a Patchwork: Virtually all software is built with the help of third-party components, including free and open source software (FOSS), commercial off-the-shelf code (COTS), and internally developed components, which are rarely sourced with security in mind and often contain vulnerabilities.
  • Deferred Accountability: Consumers of software and systems falsely assume that security and robustness are upstream responsibilities, bearing the risk of an unchecked software supply chain.
  • Ground Zero for Attacks: Vulnerable third-party software and components represent weak links in an organization’s software supply chain that provide a point of entry for attacks.

Protecode Supply Chain is a binary and run-time code analysis platform. It performs a quick analysis to identify third-party or open source components, their known vulnerabilities, their software licenses, and other risk-related information. Because Protecode Supply Chain analyzes the binary code, it can scan practically any software and system, including desktop and mobile applications, embedded system firmware, and more.

Key Features of Protecode Supply Chain

  • With Protecode Supply Chain, analyze systems and software without any access to source code. Supply chain management, acceptance testing, operations, and procurement teams can quickly and easily identify weak links in their software supply chain.
  • Scan Virtually Any Software or Firmware in Minutes. Gain visibility into essentially any software or firmware, including desktop and mobile applications, embedded system firmware, virtual appliances, and more.
  • No Source Code Required. Simply upload the software you want to assess and Protecode Supply Chain performs a thorough binary or run-time analysis in minutes. This black box technique emulates an attacker’s approach to detect vulnerabilities.
  • Comprehensive Bill of Materials. Identify and catalog all third-party software components and licenses.
  • Manage Your Risk Profile. Diagnose software health by identifying known vulnerabilities and licensing obligations within software components.
  • Proactively Combat Code Decay. Receive alerts for newly discovered vulnerabilities that affect previously scanned software.
  • Flexible Delivery Model. Protecode Supply Chain is available as a cloud-based service or on-premise appliance.

Key Beneficiaries of Protecode Supply Chain

  • Mitigate operational risk by making informed decisions about the use and procurement of technology with realistic metrics.