Cybellum’s automated VEX generation capability enables security teams to focus on high risk threats

Cybellum announces automated Vulnerability Exploitability Exchange (VEX) generation capability, enhancing product security and facilitating vulnerability information sharing across the supply chain.

In conjunction with Cybellum’s automated SBOM creation, manufacturers and asset owners can now automatically discover vulnerabilities within their devices and preemptively determine the risk level and exploitability of these vulnerabilities. This will significantly reduce the number of vulnerabilities that require immediate attention, enabling resources to be allocated only to the high-risk threats.

Software Bills of Materials (SBOMs) shed light on the software composition of devices, but they lack information on the vulnerabilities associated with the software components. The result is often a long list that must be examined manually, at great cost in time and resources. Critical risks and vulnerabilities can get lost or overlooked in the process. To bridge this gap, Cybellum now automatically generates VEX reports that provide not only the vulnerabilities, but also the levels and remediation information, enabling product security teams to focus on remediating high-risk threats.

Key capabilities of Cybellum’s VEX generation capability include:

  • Contextual exploitability analysis based on multiple attributes
  • Automated vulnerability aggregation and assessment
  • Machine-readable VEX report generation

“The focus on vulnerabilities in connected devices is growing significantly with SBOMs becoming a standard and VEX a necessity for discovering and remediating high risk threats,” said Eran Rosenberg, VP of Products and Strategy at Cybellum. “This is where Cybellum’s Product Security Platform comes into play with automated SBOM creation, contextual vulnerability analysis, triaging, and VEX generation. With the VEX generation capability, product security teams can significantly reduce the time it takes to build VEX reports, improving supply chain collaboration and speeding up response times to cyber threats.”
