Cybeats, CodeSecure Partner for Supply Chain Management

Cybeats and CodeSecure are collaborating to help their joint customers "proactively monitor and remediate software supply chain security threats," according to the companies.

With the partnership, organizations can use CodeSecure's CodeSentry software composition analysis platform in conjunction with Cybeats' SBOM Studio solution, the companies said. That way, they can generate binary-derived software bill of materials (SBOM) intelligence and automate the detection, prioritization and mitigation of open-source vulnerabilities when no source code is available.

What Is a Software Bill of Materials?

An SBOM is an inventory of the components used in software. It also represents a "key building block in software security and software supply chain risk management," the U.S. Cybersecurity & Infrastructure Security Agency (CISA) points out.

In May 2021, President Biden issued a cybersecurity executive order (EO) that consisted of recommendations for how federal departments, agencies and contractors that work with the government must safeguard their software. The order included a recommendation to require SBOMs for software applications that the federal government uses.

Cybeats and CodeSecure Help Organizations Identify and Address Security Risks

Together, Cybeats and CodeSecure provide "complete visibility of all known security risks," CodeSecure CMO Andrew Meyer said. They deliver insights that organizations can use to quickly respond to security risks and transition from point-in-time to continuous SBOM monitoring.

Furthermore, Cybeats and CodeSecure serve organizations in telecommunications, transportation and many other market verticals, Cybeats CRO Bob Lyle said. They also provide their joint customers with a solution that supports end-to-end SBOM propagation.

A Closer Look at Cybeats and CodeSecure

Cybeats specializes in SBOM management and software supply chain intelligence. Organizations can use Cybeats' products to "manage risk, meet compliance requirements and secure their software from procurement to development and operation," the company said. Cybeats has partnered with CodeSecure, Veracode and other cybersecurity and technology companies but does not currently offer a formal partner program for MSSPs.

CodeSecure was previously the products division of GrammaTech, which offers vulnerability detection and mitigation and other cybersecurity technologies. It provides application security testing (AST) solutions that organizations can utilize to "detect, measure, analyze and resolve vulnerabilities for software they develop or use," the business indicated. CodeSecure also offers a partner program.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.