Data Theorem Launches Industry’s First Software Supply Chain Attack Surface Management Product to Identify Third-Party Assets and AppSec Violations

Data Theorem’s secure supply chain product uniquely discovers third-party assets across the full-stack application with continuous runtime analytics and dynamic vendor management

PALO ALTO, California, May 04, 2022–(BUSINESS WIRE)–Data Theorem, Inc., a leading provider of modern application security, today released Supply Chain Secure, the industry’s first attack surface management (ASM) product to address software supply chain security threats across application APIs, cloud services, SDKs, and open source software. Data Theorem uniquely identifies third-party vulnerabilities across the entire application software stack with continuous runtime analysis and dynamic inventory discovery that goes beyond traditional static source code analysis and software bill of materials (SBOM) processing approaches.

High-profile security breaches such as SolarWinds, Kaseya, and Apache Log4j demonstrated the widespread damage that can occur in enterprise supply chains when APIs, cloud services, SDKs, and open source software from third parties have security flaws that allow attackers to infiltrate systems, launch malicious attacks, and exfiltrate sensitive data. These high-profile hacks expose the coverage gaps in traditional static code analysis tools and the lack of security expertise in most vendor management programs.

According to Gartner®, “Seventy-two percent of business professionals expect their third-party networks to expand moderately or significantly in the next three years.”1 In another report, Gartner stated that, “By 2025, 45 percent of organizations worldwide will have experienced attacks on their software supply chain, a threefold increase since 2021.”2

Current approaches to software supply chain security have focused on vendor management or software composition analysis (SCA). However, these approaches often lack access to source code for mobile, web, cloud, and commercial off-the-shelf (COTS) software, as well as third-party API services, and neither approach can perform continuous run-time security monitoring. With Data Theorem’s Supply Chain Secure product, organizations can now benefit from a complete attack surface management (ASM) solution that delivers continuous discovery and tracking of third-party application assets and dynamic tracking of third-party vendors. Data Theorem’s new supply chain product can automatically categorize assets under known vendors, allow customers to add new vendors, curate individual assets under any vendor, and alert on increases in policy violations and high rates of external vendor integration within key applications. These automated capabilities enable vendor management teams to triage supply chain security issues more quickly and easily.

The Apache Log4j vulnerability highlighted how challenging the current state of dynamic asset discovery between first-party and third-party software can be for every organization that builds and deploys software. The Log4Shell exploit, which affected more than 3 billion devices worldwide, illustrated the widespread risk that can arise from a single flaw in the software supply chain. It also showed how important generating an accurate software bill of materials (SBOM) can be for improving third-party supply chain risk security. Data Theorem’s Supply Chain Secure product ingests SBOM files from vendors, and its analytics engine can dynamically generate SBOM inventories based on the applications themselves. Comparing the delta between what has been documented as third-party software and what the application actually contains at runtime is an important part of any attack surface management effort to understand the actual exposure to third-party software vulnerabilities.

According to a Gartner report, “Software Bills of Materials (SBOMs) improve the visibility, transparency, security, and integrity of proprietary and open source code in software supply chains. To realize these benefits, software engineering leaders must integrate SBOMs throughout the software delivery life cycle.” The report further states: “By 2025, 60 percent of organizations creating or acquiring critical infrastructure software will require and standardize SBOMs in their software engineering practice, up from less than 20 percent in 2022.” Gartner also notes that “SBOMs are an essential tool in your security and compliance toolbox. They help continually verify software integrity and alert stakeholders to security vulnerabilities and policy violations.”3

“While other software supply chain security approaches have emerged, no solution uses full-stack application runtime analytics and dynamic inventory discovery to support vendor management-related challenges,” said Doug Dooley, Data Theorem COO. “Data Theorem’s Analyzer Engine with Attack Surface Management (ASM) enables organizations to perform automated, continuous security inspection with application telemetry collection. This enables customers to better manage third-party software supply chain assets and exposures within their vendors, suppliers, and their own software stacks.”

Data Theorem’s extensive AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-based microservices, and cloud resources. Its solutions are powered by its award-winning Analyzer Engine, which leverages a new type of dynamic, run-time analysis that is fully integrated into the CI/CD process and enables organizations to perform continuous, automated security inspection and remediation. Data Theorem is one of the first vendors to provide a full-stack application security scanner that connects application attack surfaces across the client layers found in mobile and web, the network layers found in APIs, and the infrastructure layers found in cloud services.

Availability and Pricing

Supply Chain Secure is available today directly from Data Theorem. Pricing starts at $15,000 USD annually. For more information, see

Note 1: Gartner, “Improve Third-Party Risk Management by Clarifying the Role of Procurement,” by the Procurement Research Team. August 16, 2021
Note 2: Gartner, “How Software Engineering Leaders Can Mitigate Software Supply Chain Security Risks,” by Manjunath Bhat, Dale Gardner, and Mark Horvath. July 15, 2021
Note 3: Gartner, “Innovation Outlook for SBOM,” by Manjunath Bhat, Dale Gardner, and Mark Horvath. February 14, 2022
Disclaimer – GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the US and internationally and is used herein with permission. All rights reserved.

About Data Theorem

Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API Security, Cloud (Serverless Applications, CSPM, CWPP, CNAPP), Mobile Applications (iOS and Android), and Web Applications (Single Page Applications). Its core mission is to scan and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously scans web, mobile, and cloud applications and APIs for security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently protects more than 25,000 modern applications for its enterprise customers worldwide. Data Theorem is headquartered in Palo Alto, California, with offices in New York and Paris. For more information visit

Data Theorem and TrustKit are trademarks of Data Theorem, Inc. All other trademarks are the property of their respective owners.

Dan Spalding
(408) 960-9297