Archive for RunSafe Security

RunSafe Security Appoints Bob Lyle as Chief Revenue Officer

Posted in Commentary with tags on January 14, 2026 by itnerd

RunSafe Security today announced the appointment of Bob Lyle as Chief Revenue Officer (CRO). Lyle brings more than 30 years of experience in cybersecurity, software, and high-technology markets and will lead RunSafe’s global revenue growth as the company scales adoption of its embedded software security platform, including patented runtime protection and build-time SBOM generation.

In his role, Lyle will oversee RunSafe’s sales execution, go-to-market strategy, customer expansion, and strategic partnerships, supporting continued growth across enterprise, government, and critical infrastructure markets. His appointment comes as RunSafe experiences growing demand from government, enterprise, and critical infrastructure customers facing software supply chain risks.

Lyle joins RunSafe from Medcrypt, where he served as Chief Revenue Officer. Previously, he served as CRO of MergeBase, which was acquired by Finite State, and Cybeats, where he helped grow the company from its first customers to an initial public offering on the Canadian Securities Exchange (CSE: CYBT). Earlier in his career, Lyle co-founded and served as CEO of Valona Labs, a mobile device security startup acquired by HMD Global in 2020.

In addition to his startup leadership, Lyle has held executive roles at Qualcomm, Samsung, Motorola, and Absolute, spanning both venture-backed and public technology companies. Lyle also serves as Chair of the GSMA’s Device Security Group (DSG), and has acted as Deputy Chair or Chair continuously since 2019.

Leave a comment »

RunSafe Security’s Cyberhardening Platform Earns Iron Bank Approval, Boosting Embedded Defense for DoD

Posted in Commentary with tags on November 20, 2025 by itnerd

RunSafe Security today announced that the RunSafe Security Platform is now available on Iron Bank, the Department of Defense’s (DoD) hardened repository of pre-assessed and approved development, security, and operations (DevSecOps) solutions. As a verified Iron Bank publisher, RunSafe Security’s platform will provide DoD teams with access to Software Bill of Materials (SBOM) generation, supply chain risk management (SCRM), and code protection within a trusted ecosystem.

Iron Bank is built to help defense programs quickly deploy new tools without spending months navigating approval processes. Every product listed on Iron Bank goes through rigorous security assessments, container hardening, and compliance validation. Because the containers are scanned daily for vulnerabilities, DoD teams gain access to resilient tools that keep the software supply chain secure and allow software to be deployed faster. With RunSafe listed as a verified publisher, DoD teams and integrators can now access the company’s platform directly from Iron Bank, making it easier for defense programs to integrate.

The RunSafe Security Platform addresses some of the toughest challenges in embedded software security. Through the company’s platform on Iron Bank, organizations can access:

  • C/C++ SBOM Generation – RunSafe provides the authoritative build-time SBOM generator for embedded systems and C/C++ projects. Automating SBOM generation is critical for meeting DoD requirements, especially for unstructured C/C++ code where traditional SBOM tools fall short.
  • Supply Chain Risk Management – SCRM capabilities enable DoD teams to take action, not just generate a static SBOM. Teams can monitor for new vulnerabilities and check license enforcement and provenance. Additionally, RunSafe’s binary analysis identifies potential zero-day risks, helping organizations to rely not only on CVEs but also to quantify the risk of future weaknesses that attackers could target.
  • Runtime Code Protection – RunSafe hardens binaries against exploitation through moving target defense, such as Runtime Application Self Protection (RASP), defending weapons systems at runtime to increase resilience. This resilience applies to future zero days as well, providing fielded weapon systems protection between software upgrade cycles that can be two years apart.

For organizations working to modernize DevSecOps practices, automate SBOM generation, or secure embedded systems without code rewrites, RunSafe containers are available on Iron Bank by logging in and accessing the Iron Bank repository here.

To request a consultation to learn more about the RunSafe Security Platform and Iron Bank, please visit https://runsafesecurity.com/consultation-request/.

RunSafe Security Attending 2025 Alamo Cybersecurity Exposition (ACE) in December

Additionally, RunSafe Security is attending the 2025 Alamo Cybersecurity Exposition (ACE), an annual conference produced by the Alamo Armed Forces Communications and Electronics Association (AFCEA). The Exposition will take place from December 2–5, 2025, at the JW Marriott San Antonio Hill Country Resort & Spa in San Antonio, Texas. Alamo ACE is an annual event that supports the military community and provides access and insight into key senior leaders’ perspectives on current developments in cyberspace. To arrange a meeting with a member of the RunSafe Security team, contact: staci@runsafesecurity.com.

Leave a comment »

RunSafe Security Comments On A New CISA Advisory

Posted in Commentary with tags , on November 5, 2025 by itnerd

The CISA’s latest advisory (issued on Tuesday) underscores a persistent challenge across industrial and critical manufacturing sectors: software vulnerabilities that open the door to potential code execution — even when the risk appears to be local or limited in scope.

Commenting on this is Joe Saunders, Founder & CEO, RunSafe Security

On ICSA-25-308-01 – Fuji Electric Monitouch V-SFT-6

“While the Fuji Electric Monitouch V-SFT-6 vulnerabilities may not be remotely exploitable, the underlying pattern is familiar — buffer overflows in configuration tools or project files that can be weaponized as part of a supply chain or lateral movement strategy. These flaws highlight why protecting binaries before deployment is essential to breaking exploit chains.”

“RunSafe’s approach focuses on preemptive binary protection, eliminating exploit reuse and mitigating memory corruption risks like those identified here — without requiring source code changes or developer intervention. As these advisories remind us, defense-in-depth must now include securing the software itself at its most fundamental level.” 

On ICSA-25-308-03 Delta Electronics CNCSoft-G2

“The recently disclosed vulnerability in Delta Electronics’ CNCSoft-G2 software is another reminder that even trusted engineering and configuration tools can become points of entry for cyber threats. In this case, a simple stack-based buffer overflow — with low attack complexity — could allow arbitrary code execution once a malicious file is opened.”

“Although this vulnerability is not remotely exploitable, it highlights a recurring and systemic issue across industrial control software: unprotected binaries that remain vulnerable to memory corruption and exploit reuse. These weaknesses can be leveraged in multi-stage or supply chain attacks to move deeper into critical systems.”

“RunSafe Security focuses on eliminating these risks before they can be exploited — by protecting binaries at build time and making every software instance unique. This approach prevents attackers from reusing exploits or achieving code execution, even when a vulnerability exists. As this and similar advisories show, securing software at the binary level must now be part of every defense-in-depth strategy.”

Leave a comment »

RunSafe Security Releases New License Compliance Feature on the Company’s RunSafe Security Platform

Posted in Commentary with tags on November 5, 2025 by itnerd

RunSafe Security today announced the addition of a new license compliance feature to its RunSafe Security Platform. The rollout of this critical new feature underscores RunSafe Security’s unwavering commitment to remaining the leader in software supply chain security for embedded systems, from generating build-time Software Bill of Materials (SBOMs) to identifying vulnerabilities and preventing exploitation of embedded software at runtime.

The license compliance feature in the RunSafe Security Platform is designed to give embedded teams control over open source licenses and set policies based on their organization’s risk profile. The feature is aimed at companies needing to prevent “copyleft” licenses, which can legally require companies to open-source proprietary code if they inadvertently distribute code with licenses that are not permissive. With this feature enhancement, RunSafe customers can easily decide which licenses are safe, which licenses are off-limits, and how they want their build pipelines to react if an undesirable license is included in a software product.

Additionally, the feature allows customers to configure organization-wide rules to stop the delivery of code licensed under restrictive licensing terms, automatically enforcing license policy within the CI/CD pipeline to prevent the distribution of disallowed licenses in a software release. Unlike complex alternatives that require extensive manual configuration, RunSafe’s approach offers a balanced mix of control and simplicity. Whether a customer wants to automatically fail pipelines that include restricted licenses or allow by default, the settings are configurable to each customer’s business rules. If an organization’s team is using RunSafe’s SBOM generator and adds new dependencies, RunSafe automatically tracks any new or “unset” licenses.

For more information about RunSafe’s approach to licence compliance, vulnerability identification, and protecting embedded software systems, please visit https://runsafesecurity.com.

Leave a comment »

RunSafe Security Launches New Software Supply Chain Security Platform

Posted in Commentary with tags on December 17, 2024 by itnerd

RunSafe Security, a leader in immunizing software from cyberattacks through a patented, frictionless process, today announced the release of the RunSafe Security Platform that automates risk identification, exploit prevention, and runtime software monitoring. Now, developers can generate a high-fidelity software bill of materials (SBOM) at build time, ensuring the highest level of accuracy in identifying software components and related vulnerabilities. This powerful, comprehensive solution includes the authoritative, build-time C/C++ SBOM generation for embedded systems and enhances a system’s resiliency by automating the remediation of memory safety vulnerabilities in compiled code.

Software supply chain transparency can reduce risks and build trust. With regulations such as the Cyber Resiliency Act and the FD&C Act, building and including SBOMs is quickly becoming a business must. These requirements are driven by software supply chain security concerns, which underscores the critical need for SBOMs to identify risks and stay ahead of potential threats.

Leading global software organizations, including Lockheed Martin, Vertiv, and Critical Software, already use the RunSafe Security Platform. “RunSafe’s platform is timely given the new EU Cyber Resilience Act’s product liability,” says Critical Software CEO Joao Carreira. “Not only can organizations generate a complete SBOM, they can immediately mitigate vulnerabilities and future-proof against zero days using automated tools freeing developers to focus on new feature development.”

Powered by 400-plus vulnerability data sources, the RunSafe Security Platform delivers comprehensive cybersecurity solutions for embedded systems deployed across critical infrastructure. By generating an SBOM with complete visibility into software components, the platform reveals software dependencies, identifies vulnerabilities and quantifies risks. Organizations are provided with actionable insights to reduce exploit paths and enhance their security posture using automated tools throughout the development lifecycle.

Key capabilities and benefits include:

  • RunSafe Identify generates SBOMs for embedded systems at software build time, identifies software vulnerabilities, and quantifies available risk reduction technologies for those vulnerabilities. By offering insights into software components, vulnerabilities, and effective mitigation strategies, RunSafe empowers organizations to enhance their software’s resilience against evolving cyber threats.
  • RunSafe Protect mitigates cyber exploits by relocating software functions in memory every time the software is run. This results in a unique memory layout to prevent attackers from exploiting memory-based vulnerabilities. This approach maintains system performance and functionality without modifying the original software. RunSafe also offers a repository of pre-hardened open-source packages and containers, providing immediate protection against attacks in open-source software commonly used in proprietary software.
  • RunSafe Monitor provides real-time crash data and heuristics to determine whether a crash was a software bug or the result of a cyber attack. This capability enables precise triage, minimizing time and effort wasted on false positives. RunSafe’s passive monitoring listens for software crashes, collecting data on stability, reliability, and potential vulnerabilities. When a crash occurs, this data is swiftly directed to incident response teams for accurate and efficient triage, enhancing overall software security and resilience.

The RunSafe Security Platform will be generally available on December 16, 2024. To learn more, visit https://runsafesecurity.com/runsafe-platform/

Leave a comment »