Quectel and Finite State manage software supply risk

  • July 19, 2023
  • Steve Rogerson
  • Quectel

Quectel has partnered with Finite State, a specialist in managing software supply chain risk for the enterprise, to enhance the security of its modules through security testing, improved software supply chain visibility and software risk management.

The partnership aims to address the rapidly evolving regulatory environment and the need for robust and verifiable information about secure software development practices to ensure peace of mind to customers.

The alliance forms an aspect of a larger initiative geared towards ensuring that Quectel’s product suite is compliant and secure, with emphasis on transparency, regulatory compliance and a dedication to maintaining security.

The programme’s objectives are threefold:

  • Thorough security testing of Quectel’s key devices, using automated and manual methods to identify and remediate potential vulnerabilities
  • Enhancing software transparency via the production of software bills of material (SBoMs) for each product in Quectel’s portfolio, providing insight into the security profile of each device
  • Integration of Finite State’s firmware binary analysis capabilities in Quectel’s devsecops processes, enabling an approach to vulnerability and risk management throughout the product development lifecycle.

These objectives echo Quectel’s commitment to providing documented proof of effective security practices to government regulators, customers and business partners.

Through this collaboration, Quectel says it is addressing the industry’s security concerns.

“Comprehensive security testing via an industry leading security firm like Finite State plays a crucial role in module development by uncovering potential vulnerabilities,” said Norbert Muhrer, president and CSO of Quectel. “By subjecting our modules to thorough testing with Finite State, we will identify potential areas of cyber security vulnerabilities that we can address before they become an issue for our device OEM customers.”

Finite State said it was approaching this partnership with its standard practice of analysis of product and supply-chain security risk.

“The partnership between Quectel and Finite State signifies a commitment to delivering high-quality, secure modules that meet the evolving needs of the wireless industry,” said Finite State CEO Matt Wyckhouse. “By subjecting their modules to thorough security testing throughout the product development lifecycle and embracing software transparency via SBoMs, Quectel can provide their customers with products that offer robust and secure connectivity. This approach highlights Quectel’s dedication to security and their drive to maintain their position as a trusted provider of wireless modules.”

Quectel has expanded and enhanced its R&D capabilities in Vancouver to support growing numbers of Americas based customers. Launched four years ago, the facility has been expanded and refurbished to accommodate the growth of Quectel’s R&D operations in North America.

“As many of Quectel’s customers are located on the west coast of North America, situating our R&D centre in this attractive city enables us to easily deliver support to all the Americas,” said a Quectel statement. “Vancouver’s population offers an excellent skills base as it is the location for some of the highest-ranked universities in the world. There are also many other high-tech companies in the area so it’s a great environment to be a technology professional.”