Fortress, CodeSecure align to analyze software bill of materials, remediate critical vulnerabilities

Fortress Information Security (Fortress) and CodeSecure announced on Monday a partnership to offer new capabilities to map open-source software components and find and understand quality and security defects in third-party or commercial software. CodeSecure, a leading provider of application security testing products, enables Fortress to expand its Software Bill of Materials (SBOM) security and remediation capabilities.

Fortress cybersecurity experts partner with public sector organizations and critical infrastructure stakeholders to fortify every link in the software supply chain. CodeSecure helps to identify open-source components and shared dependencies in software, containers, and mobile/desktop applications. In addition, CodeSecure conducts binary code analysis to detect security vulnerabilities in externally developed software components without access to source code.

“SBOMs are a critical tool for bolstering our national security and protecting critical infrastructure and defense assets from nation-state attacks,” Alex Santos, CEO of Fortress, said in a company statement. “CodeSecure enables us to build additional security and remediation capabilities that help our customers maximize all the potential of their SBOM deployments.”

The need for SBOM transparency is fundamental and critical. New research from Fortress found that software vulnerabilities can ‘lie in wait’ for up to three years before being detected, and 90% of products used by U.S. electric utilities contained software code developed in Russia or China, which was three times more likely to have critical severity vulnerabilities. 

CodeSecure will help Fortress continue to expand its SBOM database and provide relevant risk data to critical industries via the North American Energy Software Assurance Database (NAESAD).

“Open-source software is an attack surface often exploited by cyber attackers,” said Andrew Meyer, chief marketing officer of CodeSecure. “The partnership with Fortress will enable our customers to not only catalog all their software components but also detect and remediate vulnerabilities before they can be exploited.”

In October, Fortress announced that it is now part of the Joint Cyber Defense Collaborative (JCDC), America’s preeminent public-private sector partnership of cybersecurity organizations. The company will share information to help America defend itself against cyber attacks. 
