Finite State, Inc., a software risk management provider, struck a deal for MergeBase, a software supply chain security solution company.

This move strengthens Finite State’s commitment to securing every aspect of the software development lifecycle (SDLC), improving security, visibility, and compliance across all digital environments, and empowering organizations to build and deploy more secure software and embedded systems.

The combined solution could bring software security from build to runtime. Leveraging the combined power of Finite State’s binary analysis and MergeBase’s deep source code analysis, it delivers software supply chain visibility and risk protection throughout the SDLC.

Software Composition Analysis (SCA) technology identifies vulnerabilities in proprietary, open-source, and 3rd-party code and generates detailed Software Bills of Material (SBOMs) for any software, firmware, infrastructure-as-code (IaC), and source code.

Going beyond traditional SCA capabilities, MergeBase’s patented Runtime SCA extends this protection, providing continuous monitoring for applications and mitigating vulnerabilities after deployment. This application hardening approach uses AI to continuously learn and improve accuracy, allowing organizations to proactively address known vulnerabilities and reduce their attack surfaces by 60–70 percent over time.

“The integration of MergeBase into Finite State marks a significant step forward in addressing the security needs of embedded systems and critical software,” said Matt Wyckhouse, chief executive of Finite State. “Our combined offering leverages the best of both worlds: Comprehensive binary analysis and top-tier source code security.”

Building secure software from the start has become critical due to increasingly stringent regulatory mandates, which emphasize the importance of transparency and risk mitigation in software supply chains. The combined solution’s deep visibility and actionable insights into the entire software supply chain ensure compliance and enhance security from the start. This extensive insight, including vulnerability enrichment, remediation guidance, and prioritization data, seamlessly integrates into existing CI/CD pipelines, boosting developer productivity and accelerating secure software delivery.

“We are thrilled to join forces with Finite State. Together, we will set a new standard for software security,” said Oscar van der Meer, chief executive of MergeBase. “The benefits of integrating source code analysis and binary analysis will enhance our customers’ ability to identify and remediate vulnerabilities early, reducing false positives and leveraging runtime protections to minimize risks.”

Terms of the deal were not immediately available.

ISSSource
