TEL AVIV, Israel, Jan. 26, 2023 /PRNewswire/ — Cybellum, provider of the award-winning Product Security Platform for connected product and device manufacturers, announced today the release of version 2.22, providing enhanced SBOM management and security capabilities for the automotive, medical device, and industrial sectors. Generation of reliable SBOMs is only the first step in the process. Version 2.22 offers greater visibility for managing SBOMs via advanced workflows for the approval process, management dashboards, and improved support for protecting against supply chain vulnerabilities.
Increased pressure from regulatory bodies and asset owners requires that manufacturers provide better visibility into their software components using Software Bill of Materials (SBOM). But generating SBOMs is not enough. It is only the first step for manufacturers who need to monitor and manage the multitudes of SBOMs created, now and into the future.
“There is heightened focus on Software Bill of Materials in connected devices, especially since the Presidential Executive Order 14028 was released in May 2021, and as a result of the work that CISA and the NTIA have been doing in this area,” said Eran Rosenberg, VP of Products and Strategy at Cybellum.
“But it’s not enough to just create SBOMs,” Rosenberg stressed. “SBOMs must be managed – vetted, edited and approved – so they correctly represent the software make-up of a device. In addition, security and compliance stakeholders should be able to seamlessly share the SBOMs and support must-have use-cases for vulnerability management, supply chain security and support of product security incident response teams (PSIRT).”
Version 2.22 includes new features and capabilities for product security teams to streamline the management process, including:
- Management dashboards – for managing the control of SBOMs, their distribution and approval processes across product, security, compliance and management teams.
- SBOM approval process – locks an SBOM for further editing, designates it as “approved” for further usage, and logs approver details in the platform’s audit log.
- Improved Access Control – for role-based access control with SBOM-level access permissions.
- Ability to track KPIs and Risk – reveals the organization’s SBOM readiness and cyber risk status, helping managers identify areas requiring immediate attention.
- Multiple SBOM formats – support for managing formats including CycloneDX, SPDX, SWID.
- Hierarchical product configuration – including system, product and component level.
- Support for NTIA minimal elements for SBOMs – component vendor, name, CPE, CPE aliases, version, latest version, website, reference and dependencies.
- Lifecycle support – for SBOM lifecycle phase, component End-of-Life and End-of-Support.