DataCenterNews US - Specialist news for cloud & data center decision-makers

Manifest & NetRise join forces to secure software supply chains

Fri, 14th Nov 2025

Manifest has announced a strategic partnership with NetRise to provide customers with expanded visibility across the entire software supply chain, incorporating insights from both software and firmware.

The partnership aims to address security gaps that affect critical infrastructure, healthcare, and other sectors reliant on both bespoke software and legacy devices.

Supply chain gap

Enterprises and government agencies have increasingly adopted tools to secure software supply chains, such as source code analysis and container scanning. However, firmware (the proprietary code running devices underneath their operating systems) has remained a challenge to assess. This has left many organisations with a blind spot as attacks targeting this layer become more frequent, especially in industries with critical or ageing devices.

Unified risk view

The integration between Manifest and NetRise creates a combined platform for automated analysis and risk identification across source code, software components, and now firmware. Customers can generate and examine software bills of materials (SBOMs) for embedded systems without requiring access to source code. This expands coverage to vendor-supplied or legacy devices, such as medical or industrial equipment, allowing for continuous risk monitoring and compliance workflows.

Embedded firmware analysis

NetRise enhances the offering by providing intelligence on compiled, binary code. Its platform identifies vulnerabilities, misconfigurations, hard-coded credentials, and outdated components present within device firmware. The ability to uncover flaws at this layer is seen as crucial for sectors where outdated equipment remains essential to patient care or core business operations.

Addressing regulatory pressure

As regulations around SBOM and firmware transparency become more stringent, organisations are seeking more robust compliance solutions. The partnership aims to support customers in meeting these requirements, automating identification and remediation of risks throughout the stack.

"NetRise was built to end blind trust in software forever, and to allow both product security and third-party risk management teams to confidently answer the question, 'Am I exposed?' when incidents inevitably occur. Our strategic partnership with Manifest enables thought-leading agencies and enterprises to move from reactive risk management to proactive, full-stack transparency," said Robbie Robins, Vice President of Partnerships, NetRise.

Proactive defence

Customers using the combined platform can perform deeper risk assessments, gain granular insight into device-level components, and close security gaps that were previously inaccessible. Healthcare providers, for example, can include medical device firmware in their compliance and safety evaluations, mitigating risks to patient safety and data protection.

Daniel Bardenstein, Chief Executive Officer, Manifest, said: "For years, organizations have been able to analyze the code they write and the containers they deploy, but not the firmware embedded on their devices. By incorporating NetRise's compiled code and firmware analysis capabilities, we're giving our customers the ability to see deeper into their supply chain than ever before. This bridges the gap between source code and container-based analysis that Manifest delivers today and the deployed reality of their systems, and it's just the beginning of what we'll enable together."
