New Platform Version Features Extended SBOM with Multi-Source Ingest and Aggregation to Scale AppSec Operations Across the Software Supply Chain

COLUMBUS, Ohio, and Miami, FL (S4X23) - Feb. 13, 2023Finite State, the leader in managing software supply chain risk for the enterprise, today announced its Next Generation Platform featuring extended SBOM management with the ability to ingest and aggregate 120+ external data sources. The new platform gives Application and Product Security teams a unified and prioritized risk view with unprecedented visibility across the software supply chain lifecycle to scale operations through continuous, next-generation risk management. 

The launch of the Next Gen Platform will enable Finite State customers to continuously and confidently reduce risk across ‘any-party’ software, firmware, or applications through a singular lens. Already featuring over 2 billion data points of analysis, AppSec and Product Security teams will be able to leverage external tooling and feeds to build the most comprehensive SBOM (Software Bill of Materials) in the market, detailing all vulnerabilities on software components and dependencies. 

The SBOM has emerged as the most critical output for any organization needing comprehensive visibility into their software supply chain to ship secure products, satisfy customer and vendor requests, and meet regulatory requirements. Finite State’s best-in-class binary SCA (software composition analysis) decomposes binaries (in contrast to source code) to enable enterprise teams with continuous SBOM management capabilities to drive down AppSec risk.  

According to Gartner, “By 2026, at least 60% of organizations procuring mission-critical software solutions will mandate SBOM disclosures in their license and support agreements, up from less than 5% in 2022.” The capability of generating an SBOM, using the SBOM to take corrective action and managing the SBOMs across the software supply chain will be on full display in S4x23’s SBOM Challenge. Finite State will compete to demonstrate its capability to fully analyze a heterogeneous collection of firmware images. Finite State’s approach from its inception has been to deliver next generation SCA with robust automation capabilities that align to expected market growth as defined by industry experts. According to Gartner: “By 2024, 90% of software composition analysis tools will be able to generate and verify SBOMs to help securely consume open-source software, up from 30% in 2022.

Finite State’s Next-Generation platform features will include: 

  • End-to-end SBOM solution: The most comprehensive solution for generating, collecting, visualizing, and distributing SBOMs in your supply chain.
  • Unified AppSec and Product Security Risk Management: Ability to ingest data from 120+ scanners and feeds, to unify all the tooling and intelligence used to secure products or systems, within the full context of the AppSec or Product Security environment.
  • Advanced guidance: Remediation guidance that aggregates and reconciles results across all scans, generated or ingested for context-aware recommendations.
  • World-class binary SCA: Enhanced SBOM capabilities to decompose a product or asset into its many components for a laser-focused risk assessment.
  • Intuitive scoring system: A robust scoring methodology that effectively conveys risk levels of a product or asset through a straightforward numerical scale, backed by sophisticated risk prioritization.
  • Complete VEX support: Import and export all VEX formats, with advanced vulnerability intelligence correlation.

“There’s been a significant shift in the composition of enterprise software, and the cybersecurity market hasn’t kept pace to align with how software is built,” said Matt Wyckhouse, Founder and CEO, Finite State. “AppSec and product security teams are looking to automate embedded system assessment and analysis so they can ensure security across any phase of product development, as risks in the software supply chain are increasing rapidly. Our Next Generation Platform is addressing the needs of software producers and consumers to drive down software supply chain risk with the peace of mind they need to ship or deploy connected products securely.


To register for a demo of Finite State’s Next Gen Platform, please visit: Or visit the SBOM Pavilion at S4X23 to see our Next Generation platform in action. 

About Finite State: 

Finite State empowers organizations to gain control of application and product security for their connected devices and software supply chains. Across the software supply chain lifecycle, Finite State is the single pane of glass for customers that provides continuous visibility into software supply chain risk.

Backed by a team of seasoned experts, Finite State’s platform arms customers with the automation to scale risk mitigation and 2B+ data points to deliver actionable SBOM’s and insights, critical vulnerability data and the remediation guidance necessary to mitigate AppSec and product risk to protect the connected attack surface. 

For more information, visit

1 “Emerging Tech: A Software Bill of Materials Is Critical to Software Supply Chain Management,” Gartner, Driver, Mark, September 6, 2022.

2 Ibid