Finite State, SRA partner to drive enhanced cybersecurity for connected devices

February 05, 2024

Software supply chain security firm Finite State and Security Risk Advisors (SRA), a vendor of cybersecurity engineering, testing, operations, and strategy, announced a partnership aimed at delivering advanced security solutions for automotive, medical, government, and industrial markets. The collaboration will empower organizations to better protect their assets, optimize their application security posture, help achieve regulatory compliance, and accelerate go-to-market initiatives.

The partnership is a strategic response to rising regulatory requirements such as the Food and Drug Administration’s (FDA) Final Cybersecurity Guidance, the EU Cyber Resilience Act (CRA), and Executive Order 14028.

“As the software supply chain problem manifests itself in attacks of greater frequency and intensity, we need comprehensive IoT, IoMT, and OT solutions that consolidate ever-increasing quantities of security information and deliver actionable data that can be used to validate and improve the security of software continuously,” Matt Wyckhouse, CEO at Finite State, said in a media statement. “Together with SRA, we can bring their leading cybersecurity consultancy and specialty services to our customers in order to better safeguard customer data, secure critical infrastructure, and ensure the integrity of connected systems in the face of emerging threats.”

“We are excited to partner with Finite State to deliver a holistic solution for software supply chain security which will enable our clients to better protect consumers, patients, and manufacturing environments,” said Jason Rivera, director at SRA.

New regulatory requirements necessitate a robust plan of action to monitor, identify, and address post-market cybersecurity vulnerabilities in a timely manner. They also require the development and maintenance of processes to ensure device and system cybersecurity, and the provision of a comprehensive software bill of materials (SBOM). The combined services and technology from SRA and Finite State will help address these requirements from a unified team.

The partnership will enable organizations to generate, enrich, and manage SBOMs, which provide software security practitioners with a complete inventory and analysis of the software components coming from their software supply chains and used in their connected devices, systems, or environments.

The platform helps to scan and analyze devices, networks, and software components, to provide deeper software security context and manage compliance while SRA provides product and site testing, control and technology enablement, threat modeling, program and strategy development, remediation, and security operations.