Introducing Cybellum v3.7: Smarter Vulnerability Management, Deeper Insights, and a More Intuitive Experience

We’re excited to launch Cybellum v3.7, a major release focused on delivering smarter detection, clearer insights, and a more seamless experience for managing product cybersecurity.

This release introduces:

  • A revamped vulnerability engine and interface, offering broader coverage and smarter analysis

  • New capabilities like Project Milestones and Penetration Testing Reports

  • Plus, platform-wide enhancements to streamline your workflows and boost clarity

Whether you’re prioritizing risk, tracking progress against KPIs, or refining your SBOM process, Cybellum v3.7 helps you move faster—with more context and confidence.

🔍 A Smarter, Stronger Vulnerability Engine

At the heart of v3.7 is a major upgrade to our vulnerability engine and user interface—built to offer smarter matching, broader data coverage, and a more intuitive way to investigate and act on vulnerabilities.

What’s new in the engine:

  • 33% more vulnerabilities detected, now covering ~1.1M issues across multiple trusted sources (OSV, Red Hat, Debian, ExploitDB, and more)

  • Smarter correlation logic, combining CPEs and PURLs to improve precision across Windows, Linux, open source, and embedded ecosystems

  • Cross-source evidence trails, improving transparency and accelerating investigations

🧭 A note on resilience:
With recent concerns over the stability of key vulnerability infrastructure—such as MITRE’s CVE program facing a funding lapse—Cybellum’s multi-source architecture becomes even more critical. By correlating data across numerous feeds, our engine continues to deliver comprehensive, reliable coverage—without relying on a single point of truth.

What’s new in the interface:

  • A fully redesigned vulnerability panel, with always-on context and seamless navigation between assessment objects

  • New tabs for Resources and Sources, giving full transparency into evidence, remediation data, and the underlying vulnerability intelligence

  • URL-based deep linking, making it easy to share vulnerability views with full context across teams

Together, these enhancements make it easier to find, understand, and act on what matters most.

📈 Project Milestones: Security KPIs Made Actionable

Our new Project Milestones feature helps you track security progress across key checkpoints in your product lifecycle—such as release gates or compliance deadlines.

You can now:

  • Set milestones with due dates and trackable KPIs

  • View milestone dashboards showing fulfillment status across versions

  • Automatically lock milestones upon due dates and monitor any missed targets

⚙️ Custom KPIs require the Custom Metrics license. Reach out to your Customer Success Manager to get started.

🛡️ Penetration Testing Reports: Structured, Shareable, Actionable

Security teams can now document, track, and export penetration test results for each product version—bringing pen testing into the broader cybersecurity workflow.

Key capabilities:

  • Record findings and link them to specific test cases

  • Attach supporting evidence like logs or screenshots

  • Track test status in dedicated dashboards

  • Export structured reports (XLSX or ZIP) for audits or customer submissions

🧪 Requires the Penetration Testing license. Contact your Customer Success Manager to enable this feature.

📅 Vulnerability Treatment Tracking: Track the Full Remediation Lifecycle

You can now track treatment dates like:

  • First Updated

  • Patched

  • Deployed

These milestones improve traceability and support frameworks like FDA pre/post-market cybersecurity requirements.

📊 Metrics Configuration for Custom Dashboards

Define KPI thresholds for custom dashboards, including FDA compliance metrics, with the new Metrics Configuration panel.

You can now:

  • Upload or manually configure KPI thresholds

  • Search, edit, and export configurations

  • Align dashboards with evolving organizational goals

🛠 Platform-Wide Enhancements

Better Vulnerability Exploration

We’ve replaced tab-based navigation with flexible filters—helping you zero in faster on the risks that matter.

Support for PURLs in Custom Packages

You can now add and manage Package URLs (PURLs) for greater component precision—alongside CPEs.

Spotting Unmapped Packages

Enable a new configuration to flag unmapped (local) packages with a visual cue and filter, improving SBOM traceability.

Improved CSV Uploads

Our system now auto-detects common date formats—reducing upload errors caused by Excel-edited files.

Audit Log Filtering

Admins can now filter audit logs by user and event type, improving traceability and usability.

🔧 Additional Improvements

  • Refined status filtering aligned to the CSAF workflow

  • Added JVN descriptions and impact fields to vulnerabilities

Ready to Explore?

Want to see how v3.7 can help you move faster, stay compliant, and reduce risk—especially in a time of uncertainty around public data sources?
Reach out to your Customer Success Manager or request a demo today.

– The Cybellum Team
