NetRise unveils SBOM and vulnerability prioritization solutions to enhance XIoT firmware security

NetRise announced advanced capabilities for maintaining and working with Software Bill of Materials (SBOMs) and support for the CISA’s KEV Catalog for managing and understanding the risks associated with software components in the firmware of connected devices.

As the security of the software and firmware supply chain and regulation around SBOMs continue to dominate the industry landscape, the impact of consuming and generating a list of ‘ingredients’ for each device cannot be overstated. With the continuing push for new standards to require visibility in the supply chain, device consumers and asset owners need a solution to enable them to streamline SBOM management and vulnerability prioritization efforts.

“Our goal is to alleviate the significant struggles that manufacturers, enterprises, and consultants globally face today when securing XIoT software and firmware, not only when building these products but also understanding the latent risk and impact of the latest exploitable vulnerability on devices in the field,” said Thomas Pace, CEO of NetRise. “Without insight into the underlying components, identifying the latent risks and vulnerabilities within these devices becomes impossible.”

NetRise recognizes the current challenges in the market, enhancing its customers’ and partners’ ability to manage vulnerabilities effectively, and offers the solution these industry personas have been seeking; the ability to ingest and enrich SBOMs from multiple sources. This key capability helps device manufacturers and owners alike better manage the underlying components and vulnerabilities of XIoT devices.

With the growing prominence of KEVs, NetRise’s adoption of CISA’s KEV data provides users with an efficient method for prioritizing the most exploitable vulnerabilities. Today, a typical enterprise sorts through potentially hundreds of thousands of vulnerabilities, and the ability to prioritize remediation efforts based on exploitability alters the dynamics of device security. In 2022, about 30% of KEVs affected XIoT devices or software components used by XIoT devices. So far, in 2023, that figure is approximately 20%. Considering that any CVE could be on the KEV list, these are impressive numbers.

Key benefits of these new features in the NetRise Platform include:

• By overlaying CISA KEV catalog data, NetRise empowers a comprehensive understanding of known exploits to identify, address, and prioritize the most critical vulnerabilities.
• The NetRise platform supports the ingestion of two major SBOM formats (SPDX and CycloneDX), enriches them with vulnerability information, and exports in either format for external use.
• With a dark mode feature to minimize eye strain and enhance visibility in glare-prone environments, NetRise delivers an innovative interface design for improved user experience.

“NetRise goes a long way in navigating the complex difficulties across the software supply chain,” continued Pace. “We are proud to bring a solution to the market with the most advanced SBOM ingest, generation, and enrichment capabilities and empowering the prioritization of addressing the most critical vulnerabilities first, extending the ability to manage exposures effectively.”