ReversingLabs Spectra Assure


Additional Info
Company | ReversingLabs |
Website | https://www.reversinglabs.com/ |
Company size (employees) | 100 to 499 |
Headquarters Region | North America |
Overview
Gartner® reports, “Software supply chain attacks have seen triple-digit increases, but few organizations have taken steps to evaluate the risks of these complex attacks” and “The lack of transparency and trust within the global software supply chain has emerged as a critical issue for organizations of all kinds.”
Add it up and it’s clear—the “Era of Inherent Trust” is over, and the “Era of Transparency” has begun. Companies need a solution that can deliver that transparency across internal and external stakeholders. Spectra Assure delivers it with a critical build exam that identifies software supply chain attacks and risks embedded in software components, artifacts, and LLM models. The analysis produces a shareable SAFE report that includes:
- A comprehensive SBOM and risk assessment for malware, tampering, unwanted software changes, exposed secrets, critical vulnerabilities, and more.
- Easily digestible assessment summary for executive-level stakeholders.
- Threat-based prioritization and guidance for remediation teams.
Spectra Assure lets Software Producers trust the components from across their development pipeline. It identifies risks in any commit, build, or dependency throughout the SDLC, and/or stored within software repositories. It rapidly analyzes large, complex binaries and containers to ensure final releases are safe.
Because Spectra Assure does not require source code for analysis, software risk can be assessed before purchase and deployment, enabling enterprise buyers to protect assets, manage risks, and ensure compliance with regulatory requirements.
Since its 2024 launch, Spectra Assure has achieved the following:
- Identified 624 million malicious URLs, 26% more than in 2023.
- Confirmed 36 active software supply chain incidents with customers—malware not identified or stopped by traditional AppSec methods.
- Achieved over 150% customer growth, with businesses joining SolarWinds, Crogl, AdriaScan, and others looking to gain the assurances that software is secure, free of malware and tampering, and compliant before release, purchase, or deployment.
Key Capabilities / Features
In addition to the differentiators detailed above, Spectra Assure also includes the following:
Only Spectra Assure detects indicators of tampering resembling known supply chain attacks (e.g. SolarWinds, 3CX, or XZ Utils) by providing easy-to-use pass/fail policies. Since threat actors mimic attack techniques without reusing the original malicious software, looking for known malware signatures will not flag these new attacks. Instead, Spectra Assure looks for a similar set of software behavior changes that can represent a zero-day threat to organizations.
Only Spectra Assure offers the SAFE Report: Spectra Assure analysis is synthesized into the Software Assurance Foundational Evaluation, or SAFE Report, the most comprehensive SBOM and risk assessment of an application available today. SAFE report data can be exported in CycloneDX, SPDX, SARIF, PDF, and HTML formats for use in a variety of workflows. Secure report sharing enables software producers and enterprise buyers to:
- Identify security, threat, and compliance issues within any software component, build artifact, or LLM model before an application is released, purchased, or deployed.
- Collaborate on remediation plans and validate that issues have been mitigated.
- Respond to increased regulatory scrutiny with due diligence reporting on software built in-house or purchased from vendors.
Spectra Assure Community provides free access to risk assessments for more than six million code packages from open-source repositories, including npm, PyPI, RubyGems, and NuGet. With instant access and easy search capabilities, software producers can rapidly curate open-source packages without compromising security.
How we are different
Only Spectra Assure Sees and Stops Software Supply Chain Attacks: RL’s core innovation goes beyond traditional legacy AST tools to find malware, tampering, unauthorized changes in software behaviors, signature issues, exposed secrets, and other threats because it analyzes the entire software binary: the proprietary, commercial, and open-source code, and the artifacts included in the build. Other solutions just do not provide this level of insight and analysis without the need for source code.
Only Spectra Assure Has AI-Driven Complex Binary Analysis: This capability processes large, complex software packages without needing source code. Spectra Assure analyzes risks in 400+ binary types, 4800+ file types, and all artifacts and components added during the build that others cannot, at a speed of ~1 GB in under 5 min. This delivers not just an SBOM but a best-in-class comprehensive risk analysis.
Spectra Assure Features the World’s Largest Threat Repository. Over 422 billion (totaling 23.92 PB) pieces of malware, goodware, proprietary threat research and attack intelligence are used to enable accurate threat detection and risk classification. This is more than eight times larger than the closest offering. In 2024 alone, RL added 67 billion files to its threat repository, an increase of 19%, which helps to ensure the most up-to-date file and network reputation data and context-rich intelligence are used to verify threat classifications.


