Toronto, Ontario–(Newsfile Corp. – February 2, 2023) – Cybeats Technologies Corp. (CSE: CYBT) (“Cybeats” or the “Company”) is pleased to announce that current and prospective clients of SBOM Studio1 are now able to automatically generate VEX reports to determine which software vulnerabilities are high risk and exploitable, helping security teams prioritize software remediation and reduce significant time and cost.
The Vulnerability Exploitability Exchange (VEX)2 offers crucial information about a products’ vulnerabilities, and makes the use of Software Bill of Materials (SBOM)3 more efficient. By incorporating VEX with SBOM, deeper insights are gained into the number of vulnerabilities affecting a software component and its exploitability. Cybeats enhances the value and market potential of SBOM Studio by incorporating VEX capabilities, helping security teams and organizations better understand their cybersecurity risk landscape and providing the precise tools required to reduce those risks.
“Cybeats is at the forefront of SBOM management, and is one of the first companies to utilize VEX alongside SBOM. The integration of VEX into SBOM Studio provides a valuable and necessary benefit to customers. In providing vulnerability disposition, contextual analysis, triaging, and VEX generation, SBOM Studio significantly reduces response efforts and time spent by product security teams and developers,” said Dmitry Raidman, CTO of Cybeats.
Expanded Market Opportunity for SBOM Studio
VEX and SBOM combined provide a comprehensive view of the vulnerabilities present in an organization’s software, allowing organizations to prioritize remediation efforts, receive updates on mitigation efforts, and access patches or updated versions. With SBOM Studio, organizations can combine VEX and SBOM at a reduced cost and with minimal manual labor, gaining valuable insights into cybersecurity risk management, compliance, and supply chain optimization. By using VEX, organizations can prioritize vulnerabilities based on immediate risk and receive recommended workarounds and streamlined access to patches. This helps organizations improve their cybersecurity posture and effectively manage risks, providing a more complete understanding of the threat environment. SBOM Studio currently supports VEX in CycloneDX format.
Key capabilities of SBOM Studio‘s new VEX functionality include:
- Aggregate vulnerabilities for assessment
- Vulnerability disposition workflow
- Real-time security advisory using VEX Artifacts
- VEX Export and Sharing
SBOM Studio is already built to be agnostic to SBOM generation tools, meaning it can work with any tool to validate and correct imported SBOMs, improving the accuracy of SBOMs. It also simplifies the implementation process, speeds up vulnerability remediation, and automates SBOM management, ultimately improving the return on investment of SBOM adoption in an organization. With the addition of VEX functionality, key features of SBOM Studio now include:
- Automated SBOM Management
- Accelerated Vulnerability Management
- Improved Workflow for Security Operations
- SBOM Sharing and Exchange Capabilities
- Data-Driven Business Decisions
- Regulatory Compliance and Licence Infringement
- VEX functionality
To view an enhanced version of this graphic, please visit:
Vulnerability Exploitability eXchange (VEX)4 provides enhanced context and information about the exploitability of a software. In utilizing VEX, security teams gain valuable insights into their most critical software vulnerabilities, and dramatically reduce effort and costs to remediate them. In addition to being implemented as a profile in the Common Security Advisory Framework (CSAF 2.0), VEX is also designed to be used in conjunction with SBOM (software bill of materials) to provide a more comprehensive understanding of the makeup and relationships within software, which can be useful for a variety of purposes such as cybersecurity risk management, compliance, and supply chain optimization.
The benefits of using VEX include:
- Increasing the value of SBOM’s by minimizing false positives
- Prioritizing vulnerabilities by highlighting those that can’t be exploited
- Accelerates remediation through vulnerability prioritization, saving time, money, and reducing frustration
- Keeping users informed about the manufacturer’s ongoing security efforts
- Recommends workarounds and streamlines access to patches or mitigated new versions
- Provides a more comprehensive view of the threat environment to strengthen overall cybersecurity posture
Join us at the Fira Gran Via, Barcelona from 27 February – 2 March, 2023 at MWC Barcelona5, the world’s most influential exhibition for the device connectivity and security industry: https://www.mwcbarcelona.com/.
Come meet us at S4x23 in Miami February 13-16! Discover new ideas and come up with innovative ways to use these new ideas to deploy secure and resilient industrial control systems6: https://s4xevents.com/.
Cybeats is a cybersecurity company providing SBOM management and software supply chain intelligence technology, helping organizations to manage risk, meet compliance requirements, and secure their software from procurement to development and operation. Our platform gives customers comprehensive visibility and transparency into their software supply chain, enabling them to improve operational efficiency and increase revenue. Cybeats. Software Made Certain. Website: https://cybeats.com
SUBSCRIBE: For more information, or to subscribe to the Company’s mail list, visit: https://www.cybeats.com/investors.
James Van Staveren
Phone: 1-888-713-SBOM (7266)
Email: [email protected]
Forward-Looking Information Cautionary Statement
Except for statements of historic fact, this news release contains certain “forward-looking information” within the meaning of applicable securities law. Forward-looking information is frequently characterized by words such as “plan”, “expect”, “project”, “intend”, “believe”, “anticipate”, “estimate” and other similar words, or statements that certain events or conditions “may” or “will” occur. Forward-looking statements are based on the opinions and estimates at the date the statements are made, and are subject to a variety of risks and uncertainties and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements including, but not limited to delays or uncertainties with regulatory approvals, including that of the CSE. There are uncertainties inherent in forward-looking information, including factors beyond the Company’s control. There are no assurances that the commercialization plans for the technology described in this news release will come into effect on the terms or time frame described herein. The Company undertakes no obligation to update forward-looking information if circumstances or management’s estimates or opinions should change except as required by law. The reader is cautioned not to place undue reliance on forward-looking statements. Under the parent company, Scryb Inc., company filings are available at sedar.com.
To view the source version of this press release, please visit https://www.newsfilecorp.com/release/153337