Macnica signs agency agreement with Finite State, a company specializing in firmware diagnosis for IoT devices - Highly accurate automated analysis enables OSS vulnerability diagnosis and SBOM management -

Macnica (Headquarters: Yokohama City, Kanagawa Prefecture, President: Kazumasa Hara, hereinafter referred to as Macnica), a total Services & Solutions provider in semiconductors, networks, cybersecurity, and AI/IoT, will diagnose the firmware of IoT devices. We have announced that we have entered into an agency agreement with Finite State, Inc. (Headquarters: Ohio, USA, CEO: Matt Wyckhouse, hereinafter referred to as Finite State), which provides SaaS type SCA (software configuration analysis) tools. Masu.

In the development of IoT devices, the active use of OSS (Open Source Software) is spreading from the viewpoint of convenience and improvement of development speed. On the other hand, the number of incidents that exploit vulnerabilities inherent in OSS is increasing rapidly both in Japan and overseas. In the United States, in May 2021, a presidential decree that referred to the necessity of managing a "software bill of materials" called SBOM (Software Bill of Materials) was issued*, increasing the transparency and security of the software supply chain. The social movement is expanding, and it is conceivable that SBOM management efforts will progress in Japan in the future.

Macnica is now offering Finite State's SCA tool, which analyzes the configuration and automatically creates a diagnostic report by simply uploading firmware to Finite State's cloud platform. Even without specialized knowledge, it is possible to grasp the vulnerabilities and SBOM information inherent in the OSS installed in the firmware, making it possible to develop secure IoT devices while maintaining a sense of speed without any operational burden.

■ Features of Finite State's SCA tool

Easy firmware diagnosis
After uploading the firmware to Finite State's platform, a diagnostic report is created quickly and can be checked on the web. There is no need to provide an actual machine or source code, special environment, or specialized knowledge to use it.

● Vulnerability detection specialized for IoT devices
It supports a wide range of major OSs used in IoT devices. In addition, even if the OS is not supported by default, it can be flexibly supported by customization.

● Vulnerability detection with a wide range of matching criteria and risk categories
With Finite State's unique 13 types of matching criteria, it is possible to detect OSS components in a multifaceted manner, so it is possible to detect vulnerabilities without any omissions. In the diagnostic report, the detection of OSS components included in the firmware, known vulnerabilities CVE (Common Vulnerabilities and Exposures) included in the OSS components used, expired certificate information, hard-coded password information, etc.33 Risks can be grasped in various categories.

<Sample of diagnostic report showing OSS vulnerabilities>

<Sample of SBOM display of diagnostic report>

Regarding this agreement, Finite State Executive Vice President Kirk Appelman said:
"Globally, we are seeing a shift toward increasing software transparency and reducing software supply chain risk across the enterprise. We are pleased to partner with Macnica to broadly offer our platform in the Japanese market and work with a trusted technology partner toward a continuous SBOM management model to help customers reduce risk. We look forward to making this partnership a success and continuing to help improve security for Japanese companies."

Macnica has been supporting the construction of secure development processes for IoT devices by leveraging the deep knowledge and technical capabilities acquired through many years of experience and achievements in dealing with cutting-edge hardware, software, networks, and security. Through this collaboration with Finite State, which has extensive knowledge and experience in diagnostics for IoT devices, we will put even more effort into supporting product security for domestic manufacturers.

[Click here for product details]
https://www.macnica.co.jp/business/iot_security/manufacturers/finitestate/

[Click here for product inquiries]
Macnica Finite State product manager
TEL: 045-470-9843
E-mail: mac-cic@macnica.co.jp

*U.S. Executive Order issued in May 2021
"Executive Order on Improving the Nation's Cybersecurity"
https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

*Company names and product names mentioned in this text are trademarks or registered trademarks of Macnica and each company.
*The information published in the news release (including product price, specifications, etc.) is current as of the date of announcement. Please note that the information may be subject to change without prior notice.