Product Cybersecurity Platform ONEKEY recognised as One of the Top Ten Solutions for Software Composition Analysis

• International US trade magazine selects ONEKEY as one of the top ten solutions for software component analysis
• ONEKEY fully automatically analyses the software in smart products for its components, vulnerabilities and compliance with standards

Duesseldorf, October 13, 2023 – The US trade magazine GRC Viewpoint regularly selects the spearhead of the global software and hardware industry. In the latest issue, the ten leading international companies for Software Composition Analysis (SCA) are chosen – including the German company ONEKEY. The European experts, headquartered in Duesseldorf, Germany, are leaders in automated software analysis and operate a globally available Product Cybersecurity & Compliance Platform (PCCP) that can quickly scan and manage the software and firmware of digital devices for dangerous vulnerabilities and compliance with standards. ONEKEY is being recognised as a solution that already meets the key requirements of the EU Commission’s forthcoming Cyber Resilience Act, U.S. Executive Order 14028 and many others : Software Component Analysis for Devices with Digital Elements reveals the relevant software components that are overtly or covertly contained in the device. According to the expert panel, “ONEKEY’s Product Cybersecurity & Compliance Platform (PCCP) enables manufacturers to quickly and easily improve product security, reduce cyber risk, and ensure compliance through maximum automation while reducing manual effort and resources required. ONEKEY’s team of cybersecurity experts actively contributes to the global, official vulnerability database (CVE) and continuously shares their automated findings with the public as an authorised CVE Numbering Authority.”

Secure Software Supply Chains with ONEKEY

GRC Viewpoint’s team of experts continuously researches the most innovative security solutions available on the market, providing over 130,000 CISOs and CIOs with the latest information on industry-wide security and compliance trends. SCA – Software Composition Analysis – is taking on a growing role in cyber resilience. The EU Commission’s Cyber Resilience Act (CRA-E) will soon come into force in Europe, posing complex challenges for manufacturers and distributors of devices with digital elements. Dangerous security vulnerabilities can often be hidden in the software of a device, system or machine with control over the network. A hacker attack that exploits such vulnerabilities can bring industrial production lines to a standstill or cause entire infrastructures to fail. With the Product Cybersecurity and Compliance Platform ONEKEY enables automated, fast and comprehensive cybersecurity and compliance analysis of any binary firmware of IoT/OT products such as industrial routers, industrial control systems, connected machines, cars and consumer products such as smart home, media, telecommunications and many others. ONEKEY’s customers already include well-known companies such as ATOS, Emerson, Nestlé, Sauter, Snap one, Swisscom, TÜV, Vodafone and Zyxel Networks and many others.

Cyber Twin enables Vulnerability Management across the complete Product Lifecycle

“Our automated platform requires no source code or connection to the devices or networks. It automatically creates an SBOM (Software Bill of Materials) and a digital cyber twin from a copy of the binary firmware, eliminating any disruption to production or operations. The cyber twin detects known and unknown vulnerabilities and enables further processing, including assistance in closing the vulnerability. In addition, all results are cross-checked against the public and our own CVE databases. This allows customers to reduce the time to fix the vulnerability and also to mitigate potential zero-day vulnerabilities at an early stage,” explains Jan Wendenburg, CEO of ONEKEY.

ONEKEY today already meets the essential requirements of cybersecurity directives such as IEC 62443-4-2, ISO303645, UNR155, the upcoming EU Cyber Resilience Act, and many others. With built-in 24/7 automated monitoring, Product Security Incident Response Teams (PSIRTs) can automatically monitor all products throughout their lifecycle, significantly reducing the time to remediate vulnerabilities.