Finite State Acquires MergeBase to Form a Powerhouse in Application Security

Finite State Acquires MergeBase to Form a Powerhouse in Application Security | News

Industry-leading SCA, AI-powered remediation, and developer-centric approach for secure software development from build to runtime

Columbus, OH - June 27th, 2024Finite State, Inc., the leader in comprehensive software risk management for the connected world, announced today the acquisition of MergeBase, a leading provider of software supply chain security solutions. This strategic move strengthens Finite State’s commitment to securing every aspect of the software development lifecycle (SDLC), improving security, visibility, and compliance across all digital environments, and empowering organizations to build and deploy more secure software and embedded systems.

The combined solution brings unmatched software security from build to runtime. Leveraging the combined power of Finite State’s advanced binary analysis and MergeBase’s deep source code analysis, it delivers unmatched software supply chain visibility and risk protection throughout the SDLC. Best-in-class Software Composition Analysis (SCA) technology identifies vulnerabilities in proprietary, open-source, and 3rd-party code and generates detailed Software Bills of Material (SBOMs) for any software, firmware, infrastructure-as-code (IaC), and source code. Going beyond traditional SCA capabilities, MergeBase’s patented Runtime SCA extends this protection, providing continuous monitoring for applications and mitigating vulnerabilities after deployment. This application hardening approach uses AI to continuously learn and improve accuracy, allowing organizations to proactively address known vulnerabilities and reduce their attack surfaces by 60–70% over time.

“The integration of MergeBase into Finite State marks a significant step forward in addressing the security needs of embedded systems and critical software. Our combined offering leverages the best of both worlds: comprehensive binary analysis and top-tier source code security. This acquisition allows us to offer unparalleled flexibility and compatibility, ensuring that organizations can meet stringent regulatory requirements and protect their products more effectively than ever before. We are excited to lead the way in providing a holistic security solution for the modern software supply chain,” said Matt Wyckhouse, CEO of Finite State.

Building secure software from the start has become critical due to increasingly stringent regulatory mandates, which emphasize the importance of transparency and risk mitigation in software supply chains. The combined solution’s deep visibility and actionable insights into the entire software supply chain ensures compliance and enhances security from the start. This extensive insight, including vulnerability enrichment, remediation guidance, and prioritization data, seamlessly integrates into existing CI/CD pipelines, boosting developer productivity and accelerating secure software delivery.

“We are thrilled to join forces with Finite State. Together, we will set a new standard for software security. The benefits of integrating source code analysis and binary analysis will enhance our customers’ ability to identify and remediate vulnerabilities early, reducing false positives and leveraging runtime protections to minimize risks. This merger empowers us to provide a comprehensive solution that supports safe and secure software development lifecycles, ultimately protecting both national infrastructure and individual consumers,” said Oscar van der Meer, CEO of MergeBase.

This acquisition positions Finite State at the forefront of the rapidly growing application security market, projected to reach USD 55.0 billion by 2029 (MarketsandMarkets). With a focus on secure-by-design principles, the strategic merger will empower organizations to develop, deploy, and manage software with unparalleled confidence.

About Finite State

Finite State is the leading provider of software risk management solutions for connected devices and software supply chains. The Finite State platform is a central hub for device security, delivering continuous visibility into potential software risks. Armed with access to over two billion data points, customers receive actionable insights, encompassing SBOMs, vulnerability data, and remediation guidance. This proactive strategy streamlines the mitigation of application security (AppSec) and product risks, ensuring the safeguarding of critical sectors like consumer IoT, healthcare, automotive, manufacturing, and energy against cyber threats. For more information, please visit

About MergeBase

MergeBase is a complete software supply chain security solution that combines Software Composition Analysis (SCA), Software Bill of Material (SBOM), and AI-powered Attack Surface Reduction to help teams reduce vulnerabilities in their software and meet compliance requirements. MergeBase accelerates remediation with component upgrades and reduces the burden on development teams by automatically eliminating access to unused and vulnerable application components within the target software code.