The Finite State Blog

Practical insights and articles from our SMEs to help product security teams cut triage noise, fix what matters faster, and deliver audit-ready proof to customers and regulators.

9 results

How Multi-Modal Scanning Simplifies CRA Compliance
Compliance & Regulations

Learn how combining binary analysis, source code scanning, and SBOM ingestion enables full-spectrum vulnerability visibility for EU CRA compliance.

Dario Lobozzo, December 11, 2025

How to Deal with Opaque Vendors: Securing Components Without Source Code Access
Software Supply Chain Security, AI in Cybersecurity

Learn how to secure IoT components from opaque vendors without source code access, using binary analysis and penetration testing for compliance.

Edwin Shuttleworth, July 5, 2025

Building a Modern IoT Security Stack: From Source to Firmware
Product Security

Don’t just scan your source—secure your full IoT stack. Learn how to build a modern, layered security strategy from code to firmware and beyond.

Larry Pesce, June 2, 2025

The Open Source Trojan Horse — Hidden Risk in Reused Code
Software Supply Chain Security, Product Security

Open source powers IoT, but hidden components and transitive risks expose your products. Learn how to secure what you didn’t even know you shipped.

Larry Pesce, June 2, 2025

Think Your Source Code Is Secure? Check Your Firmware
Software Supply Chain Security, Product Security

Attackers target what runs, not what’s written. Learn why binary-level firmware analysis is essential for real IoT security and regulatory compliance.

Larry Pesce, June 2, 2025

Shellfish, SBOMs, and Firmware: A Security Tale You Won’t Forget
Software Supply Chain Security

Many scanners miss critical IoT risks hidden in binaries and firmware. Learn why visibility beyond source code is essential for secure, compliant prod...

Larry Pesce, May 30, 2025

Maximizing ROI with Dual-Layer Security Scanning: Source Code & Binary Analysis Best Practices
Software Supply Chain Security, Product Security

Combine source code and binary analysis in DevSecOps to catch more vulnerabilities, reduce risk, and meet compliance requirements with confidence.

Larry Pesce, April 9, 2025

Source Code vs. Binary Analysis: How Dual-Layer Security Protects Software Supply Chains
Software Supply Chain Security, Product Security

One security scan method creates blind spots. Learn why combining source code & binary analysis is key to closing software supply chain security gaps.

Finite State Team, March 15, 2025

How to Identify Vulnerabilities in Open Source Code
Software Composition Analysis

Learn about open-source software vulnerabilities, including buffer overflows, SQL injections, XSS, and insecure dependencies, and identification methods.

Hannah Beazley, July 30, 2024
© 2026 Finite State. All rights reserved.
