Rezilion released the company’s Dynamic Software Bill of Materials (SBOM), to help organizations actively manage security across the Software Development Life Cycle (SDLC).
Rezilion’s Dynamic SBOM plugs into all software environments, from development to production, and provides real-time visibility into all software components. Unlike static SBOMs, Rezilion’s Dynamic SBOM does more than just uncover what software components are there: it reveals if and how they’re being executed in runtime, providing organizations with an unparalleled solution to understand not only where bugs exist but also whether or not they could be exploited by attackers.
Rezilion’s Dynamic SBOM is available now across CI and on-prem and cloud environments. A basic, free-of-charge version is available for use in CI through Rezilion’s website.
“For the first time in the history of cybersecurity, the software supply chain is being talked about on the national and international level as a prime attack vector plaguing critical infrastructure, public companies and government,” said Ed Amoroso, CEO of TAG Cyber. “With the release of Rezilion’s Dynamic SBOM, the company is providing a blueprint for the rest of the industry to follow that acknowledges the variable and ever changing nature of software and creates an easy to access path for developers, product security, and software supply chain owners to offer secure software to customers on a continuous basis.”
In today’s software-driven world, open source code dominates the software landscape and change is constant. With every change in code, new vulnerabilities can be introduced, which cybercriminals can exploit if they are not identified and fixed quickly. The need for a Software Bill of Materials (SBOM) is now imperative to any organization that wants to build and manage secure software. In fact, an SBOM requirement is part of a recent White House Executive Order for software providers who want to sell to the federal government. The order sends a clear message that the “ingredients” of software must be transparent to buyers across industries.
Current static SBOM tools fail to meet today’s security needs and create too much work for CISOs, Product Security and Compliance officers. They require manual, single-point-in-time scanning to understand changes in the environment. Static SBOMs yield noisy, complex outputs that make focusing on actual risk difficult. Static SBOMs are also limited in scope of what they can see and are often only available in specific parts of the software stack. Within this context, delay and uncertainty result in risk.
Rezilion’s Dynamic SBOM uniquely solves these challenges by automating management of the SBOM and giving customers a real-time inventory of their software components and their behaviors. Through Rezilion’s Dynamic SBOM, customers benefit from:
- Dynamic inventory – Continuous tracking and management of the software environment as changes are being introduced.
- Full stack, full cycle coverage – See all software components across dev and prod, on-prem and cloud, hosts, containers, and IoT devices.
- Vulnerability scanning – Identify known vulnerabilities associated with the software components in your SBOM.
- Dynamic identification – Instantly search and pinpoint vulnerable components across millions of files and on thousands of hosts, containers, and applications.
- Dynamic context (available only in premium version) – Know down to the function level what every component is doing in runtime. Triage vulnerable components that are executed and loaded to memory from the vast majority that’s unloaded and therefore not exploitable.
- Exportable formats (available only in premium version) – Share important information with customers using a formal VEX (Vulnerability Exploitability eXchange) or CycloneDX document.
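As an added illustration (not Rezilion’s code and not a description of its product internals), the runtime-context triage and VEX export described in the last two items can be sketched as follows. The SBOM inventory, the findings with placeholder vulnerability ids, and the set of components observed loaded in memory are all constructed sample data; the mapping of runtime observations onto CycloneDX analysis states is an assumption of this example.

```python
import json

# Constructed sample data: an SBOM inventory keyed by package URL, findings
# keyed by placeholder vulnerability ids, and the components a runtime probe
# actually observed loaded into memory.
SBOM = {
    "pkg:maven/org.example/libparse@1.2.0": {"name": "libparse", "version": "1.2.0"},
    "pkg:maven/org.example/libimage@3.0.1": {"name": "libimage", "version": "3.0.1"},
    "pkg:maven/org.example/libnet@0.9.4": {"name": "libnet", "version": "0.9.4"},
}
FINDINGS = {  # placeholder ids, not real advisories
    "CVE-EXAMPLE-0001": ["pkg:maven/org.example/libparse@1.2.0"],
    "CVE-EXAMPLE-0002": ["pkg:maven/org.example/libimage@3.0.1"],
    "CVE-EXAMPLE-0003": ["pkg:maven/org.example/libnet@0.9.4",
                         "pkg:maven/org.example/libparse@1.2.0"],
}
LOADED = {"pkg:maven/org.example/libparse@1.2.0"}  # seen in memory at runtime


def triage(vuln_refs, loaded):
    """Map a runtime observation onto a CycloneDX 'analysis' block.

    Assumed mapping: a vulnerable component never loaded is reported
    not_affected / code_not_reachable; a loaded one stays in_triage, because
    being in memory proves the library is reachable, not that the vulnerable
    function is, so a human still confirms exploitability.
    """
    if any(ref in loaded for ref in vuln_refs):
        return {"state": "in_triage"}
    return {"state": "not_affected", "justification": "code_not_reachable"}


def build_vex(sbom, findings, loaded):
    """Emit a minimal CycloneDX 1.4 VEX document from inventory plus runtime data."""
    unknown = {r for refs in findings.values() for r in refs} - set(sbom)
    if unknown:  # a finding must point at something the inventory knows about
        raise ValueError(f"findings reference components not in SBOM: {sorted(unknown)}")
    vulns = [{"id": vid, "analysis": triage(refs, loaded),
              "affects": [{"ref": r} for r in refs]}
             for vid, refs in sorted(findings.items())]
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "vulnerabilities": vulns}


def pending_triage(vex):
    """Count findings whose component was loaded and therefore still need review."""
    return sum(1 for v in vex["vulnerabilities"] if v["analysis"]["state"] == "in_triage")


if __name__ == "__main__":
    print(json.dumps(build_vex(SBOM, FINDINGS, LOADED), indent=2))
```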
“Companies worldwide are now on the hook to validate that their software is secure and free from exploitation on a continuous basis. This is not a new problem for the industry but one that is now gaining the attention that it deserves thanks to high-profile attacks and vulnerabilities like SolarWinds and Log4j,” added Liran Tancman, Co-Founder and CEO of Rezilion. “We are setting the stage and raising the bar for the market by laying the groundwork of what needs to be included and available when it comes to an SBOM and acknowledging that this needs to be a dynamic asset that evolves with the software.”
The addition of the Dynamic SBOM to Rezilion’s platform marks an important milestone in the company’s mission to make it easier for organizations to eliminate software risk.