Blog | Finite State

Blog

The Finite State Blog

Practical insights and articles from our SMEs to help product security teams cut triage noise, fix what matters faster, and deliver audit-ready proof to customers and regulators.

11 results

Penetration Testing

Why Pen Testing Is a Starting Point, Not the Finish Line

Pen testing offers point-in-time insight, but embedded security requires continuous visibility. Learn why lifecycle security beats one-and-done testin...

Larry PesceNOVEMBER 19, 2025

IoT & OT

The Human Element in Embedded Device Security: Insights from a Red Teamer

Embedded device security demands more than scans. Discover how red teaming uncovers real-world vulnerabilities through human ingenuity and adversarial...

Finite State TeamNOVEMBER 19, 2025

Product Security

Security by Design/Default Isn’t Optional Anymore: How Embedded Device Teams Can Get Ahead

Security by design is now a regulatory expectation. Learn how device teams can meet CRA, Cyber Trust Mark & global requirements with proactive securit...

Janet BodenbachNOVEMBER 18, 2025

Product Security

The Truth About False Positives in Embedded Security & How to Eliminate Them

Discover how to reduce false positives in embedded security with reachability analysis, EPSS scoring, and triage, so your team focuses on exploitable ...

Robert KelleyNOVEMBER 14, 2025

IoT & OT

Building a Compliance-Ready DevSecOps Pipeline for IoT & Embedded Systems

Build a compliance-ready DevSecOps pipeline for IoT & embedded systems with automated security, SBOMs, and CRA/RED/NIST-aligned tools.

Janet BodenbachJUNE 2, 2025

Software Supply Chain SecurityIoT & OT+1

Finite State vs. Mend.io: Choosing the Right Tool for Product Security and Compliance

Compare Mend.io vs Finite State: See why embedded device manufacturers choose Finite State for firmware SCA, SBOMs, and compliance-ready security.

Finite State TeamMAY 29, 2025

Software Supply Chain SecurityProduct Security

CI/CD, DevSecOps, and the Road to Security Maturity

Build secure connected products faster. Learn how to avoid common DevSecOps pitfalls and mature your CI/CD security for embedded and IoT environments.

Robert KelleyMAY 15, 2025

Product Security

Top 6 Ways Product Security Affects Your Bottom Line

Product Security for connected devices and embedded systems has a huge impact on sales, reputation, compliance, and other key factors for manufacturer...

Finite State TeamMARCH 30, 2022

Product Security

What Is Product Security?

Product security for connected devices is crucial. Learn why SAST, DAST, and traditional AppSec tools are not enough to secure embedded components.

Finite State TeamMARCH 10, 2022

SC Magazine: Device manufacturers need to rethink how to lock down IoT

As the number of IoT and embedded devices increases, device manufacturers must radically rethink their approach to product security.

StephanieJUNE 1, 2021

Software Supply Chain SecurityProduct Security+1

Security Processes for Connected Devices – Revisiting AppSec

We can learn a lot from application security processes when it comes to securing connected devices and embedded systems.

StephanieMARCH 31, 2021