BlueVoyant Debuts New Software Bill of Materials Management Offering


BlueVoyant has launched its Software Bill of Materials (SBOM) management offering, which helps organisations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors.

The latest advancements improve Supply Chain Defense, BlueVoyant’s next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats.

BlueVoyant’s SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specialises in securing software supply chains for corporate and government entities.

More than 85% of applications contain at least one software vulnerability, according to the Open Source Software Risk Analysis (OSSRA) Report. Yet, many organisations lack visibility into software design or an efficient way to assess and manage third-party SBOM information, which can leave them open to breaches, business interruption, and regulatory compliance issues. As a result, organisations are looking for solutions.

By leveraging the BlueVoyant-Manifest SBOM solution, security teams can proactively gain deep insights into software risk exposure and other dependencies that their businesses may rely on.

“By combining Manifest’s depth of experience in SBOM with BlueVoyant’s holistic Supply Chain Defense, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges,” said Manifest CEO Marc Frankel.

The key benefits to utilising SBOM for third-party risk are:

  • Vendor risk management: Automatically solicit SBOMs from vendors, see intuitive risk levels for vendor products, and incorporate them into comprehensive third-party cyber risk management.
  • Smarter vulnerability management: Prioritise vulnerabilities quickly and triage issues to reduce false positives and avoid unnecessary mitigation work.
  • Open source software (OSS) risk management: Create an enterprise-wide inventory of OSS across first and third-party products and scan OSS repositories to assess risk before implementing them.
  • Simplified compliance: Easily demonstrate compliance and provide evidence for international regulations and standards such as R155, Executive Order 14028, Section 524B, the European Cyber Resilience Act, and the EU’s NIS2 and DORA.

“Organisations in the private and public sectors are realising that SBOM visibility is a crucial part of a proactive third-party cyber risk management program,” said BlueVoyant Global Head of Supply Chain Defense Joel Molinoff. “By enhancing BlueVoyant’s Supply Chain Defense with Manifest’s SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats.”
