PALO ALTO, Calif.–Data Theorem, Inc., a leading provider of modern application security, today launched Supply Chain Secure, the industry’s first Attack Surface Management (ASM) product that addresses security threats in the software supply chain across the application stack of APIs, cloud services, SDKs and open source software. Data Theorem uniquely identifies third-party vulnerabilities across the application software stack with continuous runtime analysis and dynamic inventory discovery that goes beyond traditional static source code analysis and software bill of materials (SBOM) processing.

High-profile security incidents such as SolarWinds, Kaseya and Apache Log4j (Log4Shell) demonstrated the far-reaching damage that can be done to enterprise supply chains when third-party APIs, cloud services, SDKs and open-source software contain vulnerabilities that allow attackers to infiltrate systems, launch malicious attacks and extract sensitive data. These headline incidents expose gaps in the coverage of traditional static code analysis tools and the lack of security insight in most vendor management programs.

According to Gartner®, “72% of business professionals expect their third-party networks to expand moderately or significantly over the next three years.”1 According to another Gartner report, “By 2025, 45 percent of organizations worldwide will have experienced attacks on their software supply chain, triple the 2021 figure.”2

Current software supply chain security approaches focus on either supplier management or software composition analysis (SCA). Both approaches often lack access to the source code of mobile, web, cloud and commercial off-the-shelf (COTS) software and of third-party API services, and neither provides continuous security monitoring at runtime. With Data Theorem’s Supply Chain Secure product, organizations can now use a full-stack attack surface management (ASM) solution that continuously detects third-party application resources and enables dynamic third-party tracking. The product automatically categorizes assets under known vendors, allows customers to add new vendors, curates individual assets under any vendor, and alerts on increasing policy violations and high third-party embed rates in key applications. These automated capabilities enable vendor management teams to resolve supply chain security issues faster and more easily.

The Apache Log4j vulnerability showed how hard it is for any organization that builds and deploys software to dynamically discover which of its assets are first-party and which are third-party. Log4Shell exploitation, reported to affect over 3 billion devices worldwide, highlighted the widespread risk that a single exploitable flaw can pose across the software supply chain. It also showed how much an accurate software bill of materials (SBOM) can improve third-party supply chain risk management. Data Theorem’s Supply Chain Secure product ingests SBOM files from vendors, and its analyzer engine can dynamically generate SBOM inventories from the applications themselves. Comparing the delta between what has been documented as third-party software and what the running application actually contains is an essential part of attack surface management: it reveals the real-world exposure to third-party software vulnerabilities, including components that were never declared and declared versions that differ from the ones actually loaded.
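The delta check described above, as an added illustration that is not Data Theorem's code and does not describe how its product works internally: a vendor-supplied CycloneDX SBOM is compared against the component inventory observed in the running application, and a minimum-version policy is then evaluated against the runtime versions rather than the declared ones. The SBOM, the runtime package URLs, the policy and all package names are constructed for this example; real inventories would come from a scanner of the deployed artifact, and the version ordering assumes simple dotted-numeric versions.

```python
"""Added example: diff a vendor SBOM against a runtime-discovered inventory, then
apply a policy to what actually runs. Not Data Theorem's code; all data below is
constructed for illustration."""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Constructed vendor SBOM in CycloneDX 1.4 JSON (a minimal subset of the schema).
VENDOR_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
        {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.13.2", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2"},
        {"type": "library", "group": "org.example", "name": "legacy-util",
         "version": "1.0.0", "purl": "pkg:maven/org.example/legacy-util@1.0.0"},
    ],
})

# Constructed runtime inventory: package URLs a runtime analyzer observed on the
# deployed application's classpath (hypothetical values, not real scan output).
RUNTIME_PURLS = [
    "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",        # drifts from the SBOM
    "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2",
    "pkg:maven/io.example/telemetry-sdk@3.2.0",                    # never declared
]

# Constructed policy: minimum acceptable version per versionless purl (hypothetical).
POLICY_MIN_VERSIONS = {
    "pkg:maven/org.apache.logging.log4j/log4j-core": "2.17.1",
}


def split_purl(purl: str) -> tuple[str, str]:
    """Split a purl into (versionless purl, version) at the last '@'.
    Assumption: no qualifiers ('?') or subpaths ('#') in the inputs."""
    base, _, version = purl.rpartition("@")
    return base, version


def version_key(version: str) -> tuple[int, ...]:
    """Naive dotted-numeric ordering; assumes x.y.z-style versions only."""
    return tuple(int(part) for part in version.split("."))


@dataclass
class SbomDelta:
    undocumented: list[str] = field(default_factory=list)       # running, not in SBOM
    missing: list[str] = field(default_factory=list)            # in SBOM, not running
    version_drift: list[tuple[str, str, str]] = field(default_factory=list)     # (purl, sbom, runtime)
    policy_violations: list[tuple[str, str, str]] = field(default_factory=list) # (purl, runtime, minimum)


def load_sbom_components(sbom_json: str) -> dict[str, str]:
    """Map versionless purl -> declared version for every component with a purl."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    documented: dict[str, str] = {}
    for comp in doc.get("components", []):
        purl = comp.get("purl")
        if purl:  # components without a purl cannot be matched by identity
            base, version = split_purl(purl)
            documented[base] = version
    return documented


def compute_delta(sbom_json: str, runtime_purls: list[str],
                  policy: dict[str, str]) -> SbomDelta:
    """Compare declared vs observed components; evaluate policy on observed versions."""
    documented = load_sbom_components(sbom_json)
    observed = dict(split_purl(p) for p in runtime_purls)
    delta = SbomDelta()
    for base, version in observed.items():
        if base not in documented:
            delta.undocumented.append(f"{base}@{version}")
        elif documented[base] != version:
            delta.version_drift.append((base, documented[base], version))
        minimum = policy.get(base)
        # Policy is judged against what runs, not what the vendor declared.
        if minimum and version_key(version) < version_key(minimum):
            delta.policy_violations.append((base, version, minimum))
    for base, version in documented.items():
        if base not in observed:
            delta.missing.append(f"{base}@{version}")
    return delta


if __name__ == "__main__":
    result = compute_delta(VENDOR_SBOM_JSON, RUNTIME_PURLS, POLICY_MIN_VERSIONS)
    for label in ("undocumented", "missing", "version_drift", "policy_violations"):
        print(f"{label}: {getattr(result, label)}")
```

In the constructed data the SBOM declares a compliant log4j-core 2.17.1, but the running application loads 2.14.1, so a policy check driven only by the document would pass while the runtime-driven check reports a violation; that gap is the point of diffing the two inventories.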

According to a Gartner report, “Software bills of materials (SBOMs) improve the visibility, transparency, security and integrity of proprietary and open source code in software supply chains. To realize these benefits, software development leaders should integrate SBOMs throughout the software delivery lifecycle.” The report goes on to say, “By 2025, 60 percent of organizations building or sourcing critical infrastructure software will mandate and standardize SBOMs in their software development practices, up from less than 20 percent in 2022.” Gartner also notes, “SBOMs are an essential tool in your security and compliance toolbox. They help continuously verify software integrity and alert stakeholders to security vulnerabilities and policy violations.”3

“While other software supply chain security approaches have emerged, no solution uses full-stack application runtime analysis and dynamic inventory discovery to support the challenges surrounding vendor management,” said Doug Dooley, chief operating officer at Data Theorem. “Data Theorem’s analyzer engine with Attack Surface Management (ASM) enables organizations to conduct continuous, automated security reviews with collection of application telemetry data. This allows customers to better manage the assets and risks of the third-party software supply chain across their vendors, suppliers, and their own software stacks.”

Data Theorem’s broad AppSec portfolio helps protect organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine, which uses dynamic and runtime analysis fully integrated into the CI/CD process, enabling organizations to conduct continuous, automated security reviews and remediations. Data Theorem is one of the first vendors to deliver a full-stack application security analyzer that connects application attack surfaces, starting with the client layers in mobile and web, the network layers in APIs, and the infrastructure layers in cloud services.

Availability and Pricing

Supply Chain Secure is available today directly from Data Theorem. Pricing starts at $15,000 per year. For more information, see

Note 1 – Gartner, “Improve Third Party Risk Management by Clarifying Procurement’s Role,” by the Procurement Research Team. August 16, 2021

Note 2 – Gartner, “How Software Engineering Leaders Can Mitigate Software Supply Chain Security Risks,” by Manjunath Bhat, Dale Gardner, and Mark Horvath. July 15, 2021

Note 3 – Gartner, “Innovation Insight for SBOMs,” by Manjunath Bhat, Dale Gardner, and Mark Horvath. February 14, 2022

Disclaimer – GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the US and internationally and is used herein with permission. All rights reserved.

About Data Theorem

Data Theorem is a leading provider of advanced application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android) and web apps (single-page apps). Its core mission is to analyze and secure any modern application anywhere, anytime. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, web, mobile and cloud applications looking for security vulnerabilities and privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world. Data Theorem is headquartered in Palo Alto, California with offices in New York and Paris. For more information visit

Data Theorem and TrustKit are trademarks of Data Theorem, Inc. All other trademarks are the property of their respective owners.
