Manufacturers and asset owners are now able to automatically generate VEX reports to determine which vulnerabilities are high risk and exploitable and how to remediate them
Tel Aviv, Israel, November 9, 2022 – Cybellum, provider of the Product Security Platform for connected device manufacturers, announced today the availability of its automated Vulnerability Exploitability Exchange (VEX) generation capability, enhancing product security and facilitating vulnerability information sharing across the supply chain. In conjunction with Cybellum’s automated SBOM management, manufacturers and asset owners can now automatically discover vulnerabilities within their devices and preemptively determine the risk level and exploitability of these vulnerabilities. This will significantly reduce the number of vulnerabilities that require immediate attention, enabling resources to be allocated only to the high-risk threats.
Software Bills of Materials (SBOMs) shed light on the software composition of devices, but they lack information on the vulnerabilities associated with the software components. The result is often a long list of components that must be examined manually, at great cost in time and resources. Critical risks and vulnerabilities can get lost or overlooked in the process. To bridge this gap, Cybellum now automatically generates VEX reports that provide not only the vulnerabilities, but also their risk levels and remediation information, enabling product security teams to focus on remediating high-risk threats.
Key capabilities of Cybellum’s VEX generation capability include:
- Contextual exploitability analysis based on multiple attributes
- Automated vulnerability aggregation and assessment
- Machine-readable VEX generation reports
“The focus on vulnerabilities in connected devices is growing significantly with SBOMs becoming a standard and VEX a necessity for discovering and remediating high risk threats,” said Eran Rosenberg, VP of Products and Strategy at Cybellum. “This is where Cybellum’s Product Security Platform comes into play with automated SBOM creation, contextual vulnerability analysis, triaging, and VEX generation. With the VEX generation capability, product security teams can significantly reduce the time it takes to build VEX reports, improving supply chain collaboration and speeding up response times to cyber threats.”
Cybellum enables device manufacturers to keep the products they build secure and compliant. Industry leaders use Cybellum’s Product Security platform to execute and manage all aspects of their product security operation, across teams, product lines, and business units. From SBOMs to Vulnerability Management, Compliance Validation, and Incident Response, teams can ensure their product portfolio stays secure in the long run. Powered by Cyber Digital Twins™ technology, a live digital replica of every software component inside your devices, Cybellum allows product security teams to manage cyber risk continuously, whatever new threat arises. From living SBOMs to automated vulnerability management and continuous monitoring, teams can ensure their product portfolio is secure from design to post-production and beyond. To learn more visit cybellum.com.