Supply chain, Risk Assessments/Management, AI/ML, MSP, MSSP, Industry Regulations, Government Regulations

NetRise brings managed software supply chain risk management to federal partners

Supply chain vulnerability being exploited through a cyber attack on text code in an editor.

NetRise has launched a partner-led managed software supply chain risk management offering for the federal market, with Asc3nd Technologies Group named as a strategic launch partner. The offering is designed for federal integrators and managed service providers who support agencies with software risk management across acquisition, authorization, monitoring, and incident response. NetRise said the program combines its binary analysis of compiled software with NetRise Provenance, which adds context around software origin, maintainers, contributors, repository health, and downstream exposure.

The launch comes as federal agencies face more pressure to understand what software is running inside their environments and where that software creates risk. NetRise pointed to recent federal actions around risk-based vulnerability remediation, AI security, and post-quantum cryptography as drivers for better software visibility. That includes the need to prioritize remediation based on asset exposure and known exploited vulnerabilities, as well as future cryptographic inventory work tied to post-quantum migration deadlines.

Agencies often rely on vendors, open source components, and third-party products they do not fully control, but still have to assess, approve, and defend. For security partners, the offering creates a managed service path around software supply chain risk. NetRise said partners can use the platform to validate vendor-provided SBOMs against compiled artifacts, build a binary-derived software inventory, identify cryptographic algorithms and libraries in software and firmware, and support federal workflows tied to vendor onboarding, RMF, ATO, continuous monitoring, and incident scoping.

NetRise is also positioning federal integrators and MSPs as the delivery layer that can turn software supply chain visibility into ongoing risk management. The company also recently entered into an agreement to be acquired by Accenture, and said that after close, NetRise will operate under Dragos, tying this launch to a broader security services and OT cybersecurity push.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

You can skip this ad in 5 seconds