Manufacturers and asset owners are now able to automatically generate VEX reports to determine which vulnerabilities are high risk and exploitable and how to remediate them
Cybellum, provider of the Product Security Platform for connected device manufacturers, announced today the availability of its automated Vulnerability Exploitability Exchange (VEX) generation capability, enhancing product security and facilitating vulnerability information sharing across the supply chain. In conjunction with Cybellum’s automated SBOM creation, manufacturers and asset owners can now automatically discover vulnerabilities within their devices and preemptively determine the risk level and exploitability of these vulnerabilities. This will significantly reduce the number of vulnerabilities that require immediate attention, enabling resources to be allocated only to the high risk threats.
Cybellum will be hosting a webinar on this topic, entitled Making Sense of SBOMs and VEX on November 22, 2022 at 2PM EST.
Software Bill of Materials (SBOMs) shed light on the software composition of devices, but they lack information on the vulnerabilities associated with the software components. The result is an often long and extensive list that needs to be manually examined at great cost of time and resources. Critical risks and vulnerabilities can get lost or overlooked in the process. To bridge this gap, Cybellum now automatically generates VEX reports that provide not only the vulnerabilities, but also the levels and remediation information, enabling product security teams to focus on remediating high risk threats.
Key capabilities of Cybellum’s VEX generation capability include:
- Contextual exploitability analysis based on multiple attributes
- Automated vulnerability aggregation and assessment
- Machine readable VEX generation reports
“The focus on vulnerabilities in connected devices is growing significantly with SBOMs becoming a standard and VEX a necessity for discovering and remediating high risk threats,” said Eran Rosenberg, VP of Products and Strategy at Cybellum. “This is where Cybellum’s Product Security Platform comes into play with automated SBOM creation, contextual vulnerability analysis, triaging, and VEX generation. With the VEX generation capability, product security teams can significantly reduce the time it takes to build VEX reports, improving supply chain collaboration and speeding up response times to cyber threats.”
Register here for Making Sense of SBOMs and VEX on November 22, 2022 at 2PM EST.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!
