Product Cybersecurity Platform ONEKEY recognised as One of the Top Ten Solutions for Software Composition Analysis

  • International US trade magazine selects ONEKEY as one of the top ten solutions for software component analysis
  • ONEKEY fully automatically analyses the software in smart products for its components, vulnerabilities and compliance with standards


Duesseldorf, October 13, 2023 – The US trade magazine GRC Viewpoint regularly selects the spearhead of the global software and hardware industry. In the latest issue, the ten leading international companies for Software Composition Analysis (SCA) are chosen – including the German company ONEKEY. The European experts, headquartered in Duesseldorf, Germany, are leaders in automated software analysis and operate a globally available Product Cybersecurity & Compliance Platform (PCCP) that can quickly scan and manage the software and firmware of digital devices for dangerous vulnerabilities and compliance with standards. ONEKEY is being recognised as a solution that already meets the key requirements of the EU Commission’s forthcoming Cyber Resilience Act, U.S. Executive Order 14028 and many others: Software Component Analysis for Devices with Digital Elements reveals the relevant software components that are overtly or covertly contained in the device. According to the expert panel, “ONEKEY’s Product Cybersecurity & Compliance Platform (PCCP) enables manufacturers to quickly and easily improve product security, reduce cyber risk, and ensure compliance through maximum automation while reducing manual effort and resources required. ONEKEY’s team of cybersecurity experts actively contributes to the global, official vulnerability database (CVE) and continuously shares their automated findings with the public as an authorised CVE Numbering Authority.”


Secure Software Supply Chains with ONEKEY

GRC Viewpoint’s team of experts continuously researches the most innovative security solutions available on the market, providing over 130,000 CISOs and CIOs with the latest information on industry-wide security and compliance trends. SCA – Software Composition Analysis – is taking on a growing role in cyber resilience. The EU Commission’s Cyber Resilience Act (CRA-E) will soon come into force in Europe, posing complex challenges for manufacturers and distributors of devices with digital elements. Dangerous security vulnerabilities can often be hidden in the software of a device, system or machine with control over the network. A hacker attack that exploits such vulnerabilities can bring industrial production lines to a standstill or cause entire infrastructures to fail. With the Product Cybersecurity and Compliance Platform, ONEKEY enables automated, fast and comprehensive cybersecurity and compliance analysis of any binary firmware of IoT/OT products such as industrial routers, industrial control systems, connected machines, cars and consumer products such as smart home, media, telecommunications and many others. ONEKEY’s customers already include well-known companies such as ATOS, Emerson, Nestlé, Sauter, Snap one, Swisscom, TÜV, Vodafone and Zyxel Networks and many others.


Cyber Twin enables Vulnerability Management across the complete Product Lifecycle

“Our automated platform requires no source code or connection to the devices or networks. It automatically creates an SBOM (Software Bill of Materials) and a digital cyber twin from a copy of the binary firmware, eliminating any disruption to production or operations. The cyber twin detects known and unknown vulnerabilities and enables further processing, including assistance in closing the vulnerability. In addition, all results are cross-checked against the public and our own CVE databases. This allows customers to reduce the time to fix the vulnerability and also to mitigate potential zero-day vulnerabilities at an early stage,” explains Jan Wendenburg, CEO of ONEKEY.


ONEKEY today already meets the essential requirements of cybersecurity directives such as IEC 62443-4-2, ISO303645, UNR155, the upcoming EU Cyber Resilience Act, and many others. With built-in 24/7 automated monitoring, Product Security Incident Response Teams (PSIRTs) can automatically monitor all products throughout their lifecycle, significantly reducing the time to remediate vulnerabilities.


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150