ReversingLabs Spectra Assure

Nominated in the Category:

Additional Info

Company: ReversingLabs
Company size: 70-99 employees
World Region: North America
Website: https://www.reversinglabs.com/

NOMINATION HIGHLIGHTS

2025 ReversingLabs data shows software supply chains are a primary attack surface, exploited by cybercriminals and state-sponsored actors. Only Spectra Assure provides enterprises with visibility and controls for software supply chain attacks, where traditional tools and processes fall short.

Organizations can validate the integrity and security of internal or third-party software before curation, release, procurement, or deployment. It automatically inspects open-source packages, developer tool extensions, artifact repositories, build outputs (binaries, containers, packages, and AI models), final releases and software updates, identifying malware, tampering evidence, known vulnerabilities, insufficient code hardening, licensing violations, and more. The analysis creates comprehensive “SAFE” reports, translating technical analysis into visibility into software composition, third-party component provenance, and compliance with customizable policies matching organizations’ risk tolerances.

This can be applied at multiple stages during the SDLC for human and AI-generated software, at final build validation, or before purchasing/deploying third-party software. The ability to assess software binaries without needing source code makes it the only true primary control point for third-party software risk. Traditional controls (e.g. security questionnaires, SOC 2 reports) cannot confirm whether commercial software or updates are safe. Spectra Assure gives organizations control to securely enable software, workload, and AI stack approval, and verify software integrity, from the third-party component used to build an application to the final build you release or deploy.

New Capabilities:

Extended Bill of Materials: Extends software composition analysis to AI/ML models (ML-BOM), cryptography (CBOM), and access to external AI, collaboration, data sharing and other services (SaaSBOM). Data sharing in CycloneDX format helps organizations adhere to compliance mandates (DORA and CRA) and support post-quantum cryptographic programs.

Secure VMs: Provides the fastest path to assess risks in virtual machines. It’s the only risk analysis of VMs not requiring deployment, runtime access, or agent installation.

Spectra Assure Community: Provides free visibility into risks hidden in 6.5+ million open-source packages on npm, PyPI, RubyGems, and NuGet. New support includes the VS Code Extension Marketplace, the PowerShell Gallery repository, and the Model Context Protocol Server Registry.

Spectra Assure Insights:

Teams can:

Understand the scope of problems with consolidated views of related issues across multiple SAFE reports.

Leverage pre-built searches to automatically detect “toxic combinations” of issues, normally requiring domain knowledge to identify.

Save searches for one-click answers to common questions, improving productivity.

Confidently make decisions with access to issue details, number of affected packages, trend graphs, and package context, including release status/SAFE levels.