NetRise, the leader in software supply chain security — helping companies inventory software assets and identify and respond to software risk — today announced the launch of a new product, NetRise ZeroLens.
NetRise’s category-redefining platform creates a software asset inventory, which is critical to managing organizational risk. NetRise uniquely analyzes compiled code to find risk in software that actually executes on devices and other systems. This technique, known as binary composition analysis (BCA), identifies vulnerabilities not found through traditional vulnerability scanners or source code scans, and prioritizes them before they are exploited.
NetRise ZeroLens adds to the platform’s capabilities by analyzing the compiled code for weaknesses (CWEs) that have not yet been identified or exposed as vulnerabilities. NetRise ZeroLens incorporates AI to summarize the CWEs found and guides remediation based on the context of the code around the discovered weaknesses.
“By identifying weaknesses in code already running on devices that are critical to the enterprise, NetRise ZeroLens provides CISOs and their teams a path to rapid detection and mitigation before those weaknesses are exposed as vulnerabilities,” said Thomas Pace, NetRise CEO. “The cybersecurity market has been begging for proactive vulnerability identification instead of constantly operating in a reactive model. NetRise ZeroLens is proactive vulnerability identification at scale.”
Benefits offered by NetRise ZeroLens include:
- Enhanced quantification of risk: NetRise ZeroLens identifies previously unknown weaknesses in binary software, enabling better risk management decisions in the enterprise.
- Vulnerability research at scale: NetRise ZeroLens enables ethical hackers and red team members to upload and analyze thousands of binaries concurrently, dramatically reducing the time required for manual analysis.
- Proactive detection of code weaknesses: By identifying vulnerabilities before they are exploited, NetRise ZeroLens prioritizes remediation and mitigation workflows for device manufacturer product security teams.
“Nearly all of the medical devices whose security we ensure run on firmware,” said Garrett Schumacher, Business Unit Director, Product Security at Velentium Medical. “NetRise ZeroLens gives us the ability to test software that other static analysis tools don’t handle well, for instance where no industry standard or insufficient rulesets for secure coding exist. We will use NetRise ZeroLens to enforce CWE analysis on such projects in addition to NetRise’s supply chain security offerings.”
Not only does NetRise ZeroLens identify potential vulnerabilities found within compiled code, but the product also creates AI-driven summaries of its findings to guide any actions needed to mitigate that risk. “NetRise ZeroLens provides researchers and developers specific guidance based on its findings,” said Michael Scott, NetRise CTO. “For example, if the tool finds a buffer overflow, the summary looks at the functions within the code, contextual usage, and can determine whether the input is user-supplied or static, informing and advising accordingly.”
A “zero-day” is a vulnerability in code that has no patch or other fix available. Until the vulnerability is remediated, threat actors can exploit it in a “zero-day attack.” The Log4j vulnerability is one of the most well-known zero-days in recent years. Estimates at the time of its discovery in December 2021 indicated that nearly 90% of global enterprises were impacted by this incident, which exploited a vulnerability in an extremely popular open-source library. Further research showed that even two years after the event, 38% of organizations continued to use vulnerable versions of the Log4j open-source library.
“NetRise ZeroLens builds on our founding vision by adding to the software asset inventory a look beyond vulnerabilities to finding weaknesses that have yet to be exploited by bad actors,” continues Pace. “This enhanced context allows for better understanding of risk within the organization and proactive planning to mitigate that risk.”
Resources
- Meet NetRise: Request a meeting with our team in San Francisco for the RSA Conference 2025 from 4/28 – 5/1.
- Schedule a Demo: To learn more about the value that a software asset inventory brings to global enterprises and device manufacturers alike, see a demo of NetRise ZeroLens.
- Happy Hour: RSVP now to join NetRise for HopSec Trivia Night on 4/29 at 5pm PT and Keys to Security: Dueling Piano Party on 4/30 at 5:30pm PT at The Grove, 690 Mission St, San Francisco, CA 94105. To attend our RSAC 2025 events, please visit: https://www.netrise.io/company/events/rsac-2025.
- For more information about NetRise ZeroLens, visit https://www.netrise.io/products/zerolens.