Exiger Acquires aDolus to Enhance Software Supply Chain Visibility

This acquisition enhances Exiger’s software supply chain visibility capabilities by integrating aDolus’ ability to generate software bills of material (SBOMs) and analyze binaries for software provenance.


Exiger announces the acquisition of software supply chain risk visibility platform aDolus Technology Inc. This acquisition enhances Exiger’s software supply chain visibility capabilities by integrating aDolus’ ability to generate software bills of material (SBOMs) and analyze binaries for software provenance. This capability extends Exiger’s Ion Channel platform for SBOM analysis to binaries that have no SBOMs, as well as device firmware, operational technology (OT) and IoT.

Since SolarWinds and Log4j, attacks, breaches and outages have ripped through corporate networks and headlines. From 2021 to 2025, the incidence of software supply chain attacks is expected to triple, affecting an estimated 45% of organizations. The U.S. Federal Government’s actions to mitigate this risk include Executive Order 14028, the Food and Drug Administration’s SBOM requirements for medical devices and the Cybersecurity and Infrastructure Security Agency’s SBOM guidance. The recent National Security Memorandum 22 also specifically calls out threats to OT. 

“While the public and private sector are adopting policies and solutions to address supply chain risks in new software going forward, there’s a glaring blind spot when it comes to spotting and rooting out vulnerabilities in operational or legacy technologies,” says Exiger president Carrie Wibben. “When you consider that the cost of simply maintaining these legacy systems exceeds $1 trillion, you start to appreciate the scale of the gap in security across our software supply chains. Today, even our largest, most recognizable organizations are trying to bridge this gap in visibility with written vendor questionnaires. But with the acquisition and integration of aDolus, Exiger’s customers can independently verify suppliers’ attestations about the composition and security of their software.” 

 Key Takeaways:

  • aDolus leads the market in analyzing operational technology, real-time operating systems and Windows / Linux-based IT software. Its FACT platform delivers high-precision risk analytics, provides results tuned to maximize accuracy, generates retroactive SBOMs for legacy systems and verifies and validates current supplier SBOMs.
  • The combination of Exiger’s AI, the Ion Channel platform and aDolus empowers customers to achieve full cyber supply chain visibility, even in the absence of contractual leverage. 