With the partnership, organizations can use CodeSecure's CodeSentry software composition analysis platform in conjunction with Cybeats' SBOM Studio solution, the companies said. That way, they can generate binary-derived software bill of materials (SBOM) intelligence and automate the detection, prioritization and mitigation of open-source vulnerabilities when no source code is available.
What Is a Software Bill of Materials?
An SBOM is an inventory of the components used in software. It also represents a "key building block in software security and software supply chain risk management," the U.S. Cybersecurity & Infrastructure Security Agency (CISA) points out.
In May 2021, President Biden issued a cybersecurity executive order (EO) consisting of recommendations for how federal departments, agencies and contractors that work with the government must safeguard their software. The order included a recommendation to require SBOMs for software applications that the federal government uses.
Cybeats and CodeSecure Help Organizations Identify and Address Security Risks
Together, Cybeats and CodeSecure provide "complete visibility of all known security risks," CodeSecure CMO Andrew Meyer said. They deliver insights that organizations can use to quickly respond to security risks and transition from point-in-time to continuous SBOM monitoring.
Furthermore, Cybeats and CodeSecure serve organizations in telecommunications, transportation and many other market verticals, Cybeats CRO Bob Lyle said. They also provide their joint customers with a solution that supports end-to-end SBOM propagation.
A Closer Look at Cybeats and CodeSecure
Cybeats specializes in SBOM management and software supply chain intelligence. Organizations can use Cybeats' products to "manage risk, meet compliance requirements and secure their software from procurement to development and operation," the company said. Cybeats has partnered with CodeSecure, Veracode and other cybersecurity and technology companies but does not currently offer a formal partner program for MSSPs.
CodeSecure was previously the products division of GrammaTech, which offers vulnerability detection and mitigation and other cybersecurity technologies. It provides application security testing (AST) solutions that organizations can utilize to "detect, measure, analyze and resolve vulnerabilities for software they develop or use," the business indicated. CodeSecure also offers a partner program.