Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top
ReversingLabs: The More Powerful, Cost-Effective Alternative to VirusTotalSee Why
Skip to main content
Contact UsSupportLoginBlogCommunity
reversinglabs
Customer Story

SolarWinds: Building a Path to Excellence in Software Supply Chain Security with Spectra Assure

Building an exemplary, leading program devoted to securing a complex, modern software supply chain was the critical objective for SolarWinds after the Sunburst incident. While SolarWinds continued to leverage legacy application security testing tools, they embarked on a mission to identify new tools that could provide novel and deeper insights that identify risks and threats.

That's when SolarWinds added Spectra Assure™ to its development and deployment pipeline. Spectra Assure provides “a final check,” CISO Tim Brown said. “ReversingLabs always plays that important final check to say, ‘Is anything else in here that is suspect?’ that could include unexplained changes to the build process, or unexpected additions to the software. By comparing new builds with previous, known good builds, SolarWinds can “make sure nothing nefarious got into a release,” Brown said.

Malware, tampering, suspicious behavior changes, and more can be identified within proprietary, commercial, and open-source components, plus artifacts added during compilation. In addition, Spectra Assure determines if software components or artifacts behave as expected – flagging anomalies, unusual patterns, or changes in behaviors, which is critical for seeing and stopping novel supply chain attacks before release.

Automated prioritization helps product and security teams organize remediation projects for development teams, which is critical for balancing security improvements with delivery timelines.

ReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsRL at RSAC
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu

ReversingLabs always plays that important final check to say, ‘Is anything else in here that is suspect?’

Tim Brown, CISO, SolarWinds

SBOMs That Drive Transparency and Business

SolarWinds sees an increasing number of requests for software bills of materials (SBOMs) before purchase. This marks a critical milestone for enterprise procurement where vendor transparency is implemented as a best practice. These prospective customers need software inventory information to manage third-party risk effectively.

“ReversingLabs is what we use to generate that SBOM,” Brown said. “Our customers are requesting them. Our customers need them. The ability to produce SBOMs helps us close our deals.”

Spectra Assure generates a comprehensive SBOM by analyzing the entire software release that customers will receive, including proprietary, commercial, and open-source components. Assessing software in its final executable state creates a more comprehensive software inventory than tools focused solely on open-source components or that rely solely on build manifests that specify the expected software contents rather than the actual contents. SBOMs are exported in the CycloneDX or Software Package Data Exchange (SPDX) formats, both industry standards, to respond to customer requests.

“ReversingLabs is what we use to generate that SBOM. Our customers are requesting them. Our customers need them. The ability to produce SBOMs helps us close our deals,” said Tim Brown, CISO, SolarWinds.

Manage Risk in Software Components

As a software developer, SolarWinds must manage risks posed by third-party, commercial, and open-source components used in its products. This requires new levels of transparency with third parties creating software components SolarWinds includes in its products. The Spectra Assure SAFE Report simplifies this effort by raising awareness of the most imminent security issues and expediting remediation. The reports can be used to meet both internal and external compliance requirements and to demonstrate due diligence in assessing risks associated with third-party software components.

Spectra Assure is embedded in SolarWinds’ CI/CD to serve as the “final check” before software release. An AWS‑hosted architecture uses S3 for build artifact storage, Lambda or Step Functions for orchestration, and ECS/EKS for scalable scanning nodes. SAFE report and SBOM data are stored in Amazon RDS (for relational needs) or DynamoDB. Integration with enterprise build tools (Jenkins, GitHub Actions) enables binaries to be automatically uploaded to S3.

Next Step: Third-Party Commercial Software Risk

Like the rest of the industry, SolarWinds is working to improve its third-party risk management and processes for the commercial software it uses. “It’s very common practice for people to look for SOC 2s, ISOs, questionnaires, spreadsheets, and that's a lot of the way evaluation is done today. But that evaluation doesn't really give you enough to be able to truly assess the risk of the product that you're buying,” Tim Brown, CISO.

SolarWinds would like to identify any risks or threats in the commercial software it uses before acquisition or deployment. ReversingLabs makes this risk assessment possible because Spectra Assure’s complex binary analysis engine provides transparency without requiring access to source code. 

Brown shared, “The ideal case is that you're running ReversingLabs on everything before purchase. I not only get the SBOM, but I also get insights into malicious code or tampering.”

Schedule a DemoContact Sales
  • SolarWinds
  • Austin, Texas
  • 2,300
  • IT Software & Services
FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
Download Story

Securing the software supply chain is one of the biggest challenges that we face as an industry. We need to know how much we can trust each piece of software,and that's where Spectra Assure comes in.

Tim Brown, CISO, SolarWinds

Challenges

  • Final check of complex software releases
  • Comprehensive SBOMs to drive business
  • See and stop software supply chain threats

All RL Solutions

  • Spectra Assure

Want to Learn More?

Schedule a DemoContact Sales

Expert Insights

Manage risk in software components

Solution

  • ReversingLabs Spectra Assure assesses software builds before release, providing a comprehensive SBOM, risk assessment, and remediation feedback

Results

  • Improved software supply chain security with rapid analysis of large, complex software before release
  • Increased security assurance for prospective customers with a securely shareable, comprehensive SBOM
  • Enabled remediation without encumbering speed-to-market with actionable feedback
  • Improved risk management for commercial and open-source software components
solarwinds
Spectra Assure: The Complete Solution for Software Supply Chain Security

Spectra Assure: The Complete Solution for Software Supply Chain Security

Learn More about Spectra Assure: The Complete Solution for Software Supply Chain Security
Spectra Assure: The Complete Solution for Software Supply Chain Security
The 5 Misconceptions of Software Supply Chain Security

The 5 Misconceptions of Software Supply Chain Security

Learn More about The 5 Misconceptions of Software Supply Chain Security
The 5 Misconceptions of Software Supply Chain Security
closing the software supply chain security gap black cubes

Closing the Software Supply Chain Security Gap

Learn about complex binary analysis and how it tackles supply chain threats like malware, tampering, exposed secrets and more — all without source code.

Learn More about Closing the Software Supply Chain Security Gap
Closing the Software Supply Chain Security Gap