Columbus, OH and Philadelphia, PA - [February 1, 2024] - Finite State, an industry leader in software supply chain security, and Security Risk Advisors (SRA), a leader in cybersecurity engineering, testing, operations, and strategy, are pleased to announce a strategic partnership aimed at delivering advanced security solutions for automotive, medical, government, and industrial markets. This collaboration will empower organizations to better protect their assets, optimize their application security posture, help to achieve regulatory compliance, and accelerate go-to-market initiatives. 

The partnership is a strategic response to rising regulatory requirements such as the Food and Drug Administration's (FDA) Final Cybersecurity Guidance, the EU Cyber Resilience Act (CRA), and Executive Order 14028.

New regulatory requirements necessitate a robust plan of action to monitor, identify, and address post-market cybersecurity vulnerabilities in a timely manner. They also require the development and maintenance of processes to ensure device and system cybersecurity, and the provision of a comprehensive software bill of materials (SBOM). The combined services and technology from SRA and Finite State will help address these requirements from a unified team.

The partnership will enable organizations to generate, enrich, and manage SBOMs, which provide software security practitioners with a complete inventory and analysis of the software components coming from their software supply chains and used in their connected devices, systems, or environments. The platform helps to scan and analyze devices, networks, and software components, to provide deeper software security context and manage compliance while Security Risk Advisors provides product and site testing, control and technology enablement, threat modeling, program & strategy development, remediation and security operations.

“As the software supply chain problem manifests itself in attacks of greater frequency and intensity, we need comprehensive IoT, IoMT, and OT solutions that consolidate ever-increasing quantities of security information and deliver actionable data that can be used to validate and improve the security of software continuously," said Matt Wyckhouse, CEO at Finite State. "Together with SRA, we can bring their leading cybersecurity consultancy and specialty services to our customers in order to better safeguard customer data, secure critical infrastructure, and ensure the integrity of connected systems in the face of emerging threats."

"We are excited to partner with Finite State to deliver a holistic solution for software supply chain security which will enable our clients to better protect consumers, patients, and manufacturing environments," said Jason Rivera, Director at Security Risk Advisors.

More about this partnership can be found on Finite State’s website: and also on SRA’s website:

About Security Risk Advisors

SRA’s Cyber Physical Systems security practice provides advisory architecture, engineering, and operations support throughout its clients’ OT and XIoT security programs. SRA works collaboratively with organizations to execute Cyber Physical Systems security programs and initiatives using industry experience, cross-vertical best practices and technical subject matter expertise. SRA’s team of specialized practitioners brings industry leading strategy, assessment, enablement of trusted technology solutions and 24x7 MSSP capabilities.

For additional information about Security Risk Advisors, please visit 

About Finite State

Finite State empowers organizations to gain control of application and product security for their connected devices and software supply chains. Across the software supply chain lifecycle, Finite State is the single pane of glass for customers that provides continuous visibility into software supply chain risk. Backed by a team of seasoned experts, Finite State’s platform arms customers with the automation to scale risk mitigation and 2B+ data points to deliver actionable SBOM’s and insights, critical vulnerability data and the remediation guidance necessary to mitigate AppSec and product risk to protect the connected attack surface.

For more information, please visit