Finite State Blog

Software Supply Chain

How to Deal with Opaque Vendors: Securing Components Without Source Code Access

Jul 4, 2025 5:44:18 PM 8 min read
Software Supply Chain Security Metrics: What to Measure & Why

Jun 26, 2025 6:11:43 PM 3 min read
The Open Source Trojan Horse — Hidden Risk in Reused Code

Jun 2, 2025 10:45:01 AM 1 min read
Think Your Source Code Is Secure? Check Your Firmware

Jun 2, 2025 10:30:00 AM 2 min read
Shellfish, SBOMs, and Firmware: A Security Tale You Won’t Forget

May 30, 2025 1:30:32 PM 2 min read
Finite State vs. Mend.io: Choosing the Right Tool for Product Security and Compliance

May 29, 2025 1:47:36 PM 6 min read
CI/CD, DevSecOps, and the Road to Security Maturity

May 15, 2025 12:34:56 PM 4 min read
Beyond Automation: Why Deep Binary Analysis is Critical for IoT Security Success

May 7, 2025 2:23:12 PM 2 min read
The 2025 Verizon Data Breach Investigations Report: What It Means for Product and Supply Chain Security

May 6, 2025 4:50:32 PM 2 min read
Managing Open-Source Dependencies in IoT Software: Best Practices

Apr 9, 2025 6:43:15 AM 4 min read
Maximizing ROI with Dual-Layer Security Scanning: Source Code & Binary Analysis Best Practices

Apr 9, 2025 6:16:57 AM 2 min read
Is SSDLC the Secret to Surviving Global Cybersecurity Regulations?

Apr 4, 2025 2:16:26 PM 3 min read
Implementing End-to-End Software Supply Chain Security: Best Practices

Apr 3, 2025 12:39:09 PM 9 min read
Source Code vs. Binary Analysis: How Dual-Layer Security Protects Software Supply Chains

Mar 14, 2025 5:41:32 PM 5 min read
How Artificial Intelligence is Revolutionizing Supply Chain Security in 2025

Mar 7, 2025 1:27:57 PM 3 min read