COLUMBUS, Ohio — Nov. 10, 2021 — Finite State, the product security leader for connected devices, has released an automated risk scoring capability for IoT, the first to objectively and autonomously categorize a device’s security profile. This new risk scoring capability takes the guesswork out of the equation for security teams and provides tangible evidence of a security program’s effectiveness.

For decades, there has been no standard for assessing firmware risk. Individual security teams have struggled to find a concrete way to rank impact, leaving scores largely subjective. Finite State’s scoring capability goes beyond the standard risk assessment grid with contextual, automated scanning of weaknesses and vulnerabilities to provide objective, measurable impact scores. As a result, security teams now have a way to quickly and accurately evaluate their risk and prioritize fixes for the most vulnerable devices.

“This new model provides complete visibility into a device’s software, so that security teams know exactly what is vulnerable without having to manually search through thousands of lines of code. At the same time, teams can be confident that mitigation efforts are improving the hygiene of the device,” said Matt Wyckhouse, founder and CEO at Finite State.

“Adding this capability to our platform doesn’t just improve a device’s security posture, but saves time for security teams and reassures the end user that security is a priority.”

Finite State leveraged its platform against MITRE’s Common Weakness Enumeration (CWE) to develop a standard scale to quantify weaknesses within a device’s software. This eliminated the guesswork of assessing impact.

Customers can compare two pieces of firmware side by side and differentiate the risk levels between versions. It also allows users to sort through existing weaknesses and vulnerabilities to uncover risks most relevant to a specific area or the security flaws most likely to be exploited.

“Taking the speculation out of the risk assessment process is exactly what our customers have been looking for,” said Jeff Martin, VP of Product at Finite State. “Security practitioners now have the ability to objectively measure and quantify the value of their risk mitigation efforts.”

Learn more about how easy understanding IoT device risk is with Finite State.

About Finite State

Finite State empowers organizations to gain control of product security for their connected devices and supply chains. Backed by a team of seasoned experts, our automated product security platform arms our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. For more information, visit

Matt McLoughlin
Gregory FCA on behalf of Finite State
Phone: 610.996.4264

Subcribe to our blog!