Keysight Technologies has announced the launch of SBOM Manager, a solution designed to support organizations in managing their Software Bills of Materials (SBOMs) and ensuring their compliance with increasing cybersecurity requirements.
The development of this solution comes in an environment marked by strengthening regulations on software component transparency.
The Cyber Resilience Act, scheduled to take effect in 2026, notably requires manufacturers of digital products to document software components and promptly report exploited vulnerabilities.
Comparable requirements also exist in other jurisdictions, such as U.S. Presidential Executive Order 14028 and certain industry standards in the healthcare sector. In this context, SBOMs are becoming a central tool for identifying software dependencies and tracking associated vulnerabilities.
A centralized platform for managing software bills of materials (SBOMs)
Keysight SBOM Manager offers a unified approach to creating, managing, and leveraging software BOMs across the entire digital product lifecycle. The solution centralizes several functions, including BOM generation, software component analysis, and information sharing with internal and external stakeholders.
It can analyze various types of artifacts, such as binary software, firmware, containers, and other embedded components, including those from proprietary sources.
Vulnerability correlation and prioritization
The solution integrates mechanisms for correlating software BOMs with vulnerability databases. It supports the Vulnerability Exploitability eXchange (VEX) format, which indicates whether a vulnerability is exploitable in a given context.
This approach aims to facilitate the identification of relevant risks and reduce the volume of alerts for vulnerabilities that are not exploitable. Teams can thus focus their efforts on vulnerabilities likely to have an operational impact.
Secure sharing and access management
The SBOM Manager solution also offers features for sharing SBOMs and associated information, with role-based access control mechanisms and version tracking. These features enable the management of data distribution between the various stakeholders in a supply chain.
The solution also includes validation and standardization functions to ensure that software BOMs comply with applicable standards and regulatory requirements.
Integration into operational environments
The tool allows software BOMs to be linked to digital assets in production, establishing a connection between component documentation and the systems actually deployed. This integration aims to improve traceability and facilitate vulnerability management operations in real-world environments.





