
Vendor-Provided Resources

Here you can find links to resources supplied by TPRA Vendor Members (TPRM Service Providers). Some of these resources require you to input information to obtain the document.

 

Note: TPRA does not support one particular service provider over another, nor do we benefit from providing you the links below. Read and implement at your own risk. 

If you are a TPRA Vendor Member and have a resource or link you would like to see added to this page, please submit through our Vendor Submissions form, or send it to Meghan Schrader at meghan.schrader@tprassociation.org for review.


NetRise, Inc.

Fragile by Design: Large-Scale Evidence of Software Supply Chain Risk

January 7, 2026

The software supply chain is more fragile than most realize. In this ThreatCon keynote, NetRise Co-Founder and CEO Thomas Pace shares large-scale evidence from millions of analyzed binaries, firmware images, and software artifacts — revealing systemic risks that traditional AppSec tools overlook.

Learn why visibility into compiled code is the key to building true software assurance — and how NetRise is helping organizations uncover and address hidden vulnerabilities before they become front-page news.

NetRise, Inc.

Beyond the Questionnaire: How NetRise Informs Third-Party Risk Management

January 7, 2026

Gain visibility beyond vendor questionnaires. See how NetRise reveals hidden software risk and strengthens third-party risk management programs.

NetRise, Inc.

A Conversation You Can’t Refuse With the Godfather of the SBOM

January 7, 2026

In this exclusive conversation, Tom and Allan explore the origins, evolution, and future of the Software Bill of Materials (SBOM)—from its inclusion in the 2021 White House Executive Order on improving the nation’s cybersecurity to the recently updated CISA minimum elements designed to strengthen software transparency and accountability.


They’ll unpack:

  • What drove the federal government to require SBOMs from software vendors

  • Why minimum SBOM standards are evolving—and what that means for security teams

  • How organizations can generate accurate, evidence-based SBOMs that go beyond compliance

  • Why visibility into the software you buy, build, or deploy has become central to national resilience

You’ll also hear their take on recent supply chain incidents—from the NPM compromise to the F5 breach—and discuss what it truly means to build resilience in a world where software trust can’t be blind.

NetRise, Inc.

NetRise - What's Inside Your Software?

January 7, 2026

Manage risk in the software your organization buys, uses, and operates.

NetRise, Inc.

NetRise Platform Data Sheet: Software Supply Chain Security, From the Inside Out

January 7, 2026

NetRise provides deep visibility into the compiled software running across devices, applications, operating systems, and critical infrastructure. By analyzing binaries—not declarations—you can finally see what’s actually executing in your environment and prioritize true software supply chain risk.

Get the full NetRise Platform Data Sheet to learn how our platform uncovers hidden components, misconfigurations, embedded secrets, unsafe libraries, and exploitable vulnerabilities—without requiring source code.

Continuity Strength

State of Vendor Risk Management 2025 - Survey Preview

January 5, 2026

Industry survey findings from 64 organizations across financial services, manufacturing, healthcare, and technology sectors revealing four critical gaps in vendor risk management programs: BCP support (68.8%), monitoring maturity (47.2%), resilience scoring (41.9%), and assessment efficiency (37.5%). Includes industry-specific breakdowns and benchmark data on assessment timelines, monitoring approaches, and program maturity levels.

Continuity Strength

Vendor Resilience Scenario Deck

December 8, 2025

A practical, digital tabletop exercise deck designed to help third-party risk and vendor management teams test their response to vendor failures. This digital resource includes over 50 realistic scenarios covering cyber incidents, operational failures, and supply chain disruptions, plus "Pressure Cards" to simulate escalating crises. Framework-agnostic and ready-to-use, it provides a structured way to validate escalation paths, communication plans, and workarounds, helping teams proactively identify and address gaps in their resilience programs.

Aravo

Rerooting TPRM: The Transformations That Defined 2025

November 24, 2025

There is a growing eagerness to evolve away from deep-rooted, siloed risk teams and toward broad, interconnected, system-wide foundations.


Depth still matters because risk expertise and solid processes depend on it, but this past year has clearly pushed TPRM ecosystems to widen in the name of stronger collaboration and resilience.


So, with that in mind, let’s take a moment to unpack 2025 and highlight five standout TPRM trends.

Black Kite

Black Kite Global Adaptive AI Assessment Framework (BK-GA³™)

November 12, 2025

When it comes to assessing AI risk, third party risk management teams are challenged on two key fronts: the proliferation of AI that has outpaced the ability of traditional risk frameworks to keep up, and existing AI risk assessments that are fragmented and unique to specific industries, geographies, or regulatory bodies.


Black Kite's Global Adaptive AI Assessment Framework (BK-GA³™) is designed to address these challenges by providing a unified and truly global open standard for assessing AI risk. This effort reflects a commitment that has been deeply ingrained in our culture since the very beginning, a value instilled by Black Kite’s Co-founder, Candan Bolukbas, and expressed through the resources and research we regularly release to empower the community and strengthen the security of the entire ecosystem.

HITRUST

Introducing the HITRUST ROI Calculator

October 28, 2025

Ready to turn your cybersecurity investments into real outcomes? Discover the new HITRUST ROI Calculator—a strategic tool that visualizes how certification can boost revenue, streamline operations, lower cyber-insurance costs, and reduce risk. Backed by real-world data and a remarkable 464% ROI benchmark, this is the clarity your business case needs. Read the full blog to see what your organization could unlock.

Bitsight

Collision Course: The Inevitable Convergence of Third Party Risk and Exposure Management

October 28, 2025

In February 2024, a ransomware attack on a critical player in the US healthcare infrastructure sent shockwaves through the US and globally. Pharmacies were unable to process prescriptions using patients' insurance, leading to delays in medication dispensing and highlighting the fragility of the healthcare supply chain. Hospitals and medical offices faced severe operational disruptions, struggling to provide patient care, submit insurance claims, and receive payments. The American Hospital Association called it "the most significant and consequential incident of its kind against the US health care system in history."

Bitsight

Threat-Informed TPRM: A New Standard for Supply Chain Security

October 28, 2025

Third-party attacks have emerged as one of the most critical threats in the modern cyber landscape. Adversaries increasingly exploit vulnerabilities within external vendors, suppliers, contractors, and service providers to gain indirect access to target organizations, often with severe consequences. These breaches can lead to significant data loss, operational disruption, regulatory penalties, and reputational damage. As a result, third-party risk management (TPRM) is no longer just an IT concern; it’s a board-level imperative essential to protecting sensitive data and maintaining customer trust.
