
Frankfurt am Main, Germany – EACG, developer of the product security automation platform TrustSource, is deepening its partnership with SCANOSS, the open source risk intelligence platform. As part of the partnership, EACG will take over the sales representation of SCANOSS in the DACH region to facilitate access to open source risk management for German-speaking companies.
The collaboration focuses on transparency regarding open source components and their cryptographic dependencies. This need for information is becoming increasingly urgent due to the emergence of quantum computing, which calls into question the security of common RSA and ECC cryptographic algorithms. The combination of SCANOSS’s cryptography intelligence with the (also open source) analysis tools of EACG helps companies to create this transparency.
“EACG’s consultants have a deep understanding of the challenges in the area of open source compliance and security, which makes them an ideal partner for SCANOSS. Together, we give our customers everything they need to be prepared for the challenges ahead in both compliance and security,” said Alan Facey, CEO of SCANOSS.
With the help of information from the SCANOSS datasets, both the scans and the subsequent tasks of process automation, product documentation, and product security can be optimally supported, and processing steps can be shortened. The rapid enrichment of SBOMs using SCANOSS APIs and the policy tools of the TrustSource platform makes it possible to establish simple, cross-portfolio cryptography management.
“With its unique dataset, SCANOSS is an ideal complement to our TrustSource analysis and process automation platform. By assigning cryptography algorithms to SBOMs at an early stage, it becomes child’s play for any compliance or security manager to organize their portfolio in terms of cryptography, so to speak, ‘on the side.’ From there, identifying broken encryptions is just a click away,” explains Jan Thielscher, CEO of EACG.
Together, the two partners SCANOSS and EACG offer companies in the DACH region the opportunity to bring true transparency and control to their software stack. The nice side effect: the solutions are also suitable for organizing regulatory requirements for export controls and minimizing software supply chain risk.