ITASCA, Ill., Feb. 20, 2024 (GLOBE NEWSWIRE) -- Flexera, the company that helps organizations maximize business value from their technology investments, today announced the general availability of SBOM management functionality is now included in Flexera One IT Visibility. Flexera enterprise customers increasingly want software bills of materials (SBOMs), which provide inventories of the components included in the mission-critical software they use. The expanded need for enterprise software users to consume SBOMs from their software vendors is driven by increasing governmental regulations, the growing number of open source and third-party components per application, and high levels of cyber threats.

Flexera’s existing SBOM management capabilities are part of the pioneering software composition analysis (SCA) platform historically sold through Flexera’s Revenera division. With this launch, Flexera One IT Visibility supports software buyers' use cases with the same capabilities SCA customers have relied on for over 15 years. The new SBOM management feature of Flexera One IT Visibility mitigates the increased risks of software vulnerabilities and data breaches. It also drives strategic technology decisions with a clear view of assets down to their component level. Flexera’s SBOM management is well known and regarded by software suppliers for its detailed insights into software components, with a comprehensive compliance library that includes more than 18 million components.

"SBOMs provide critical data about software, including which components, licenses, and security vulnerabilities are in play. SBOMs are therefore essential in order for enterprises to understand their risk profiles and to maintain compliance,” said Alex Rybak, senior director of product management and head of the open source program office (OSPO) at Revenera, a division of Flexera. “Since configuration management databases (CMDBs) are already saturated with data, they're unsuitable for storing SBOMs. The new SBOM management capability of Flexera One IT Visibility proves to be the optimal platform for ingesting first and third-party SBOMs, creating SBOMs to stay on top of security risks that are posed by all components.”

Flexera One IT Visibility delivers a broad range of capabilities, including software vulnerability enrichment and lifecycle management. The addition of SBOM management provides users with sophisticated automation, in-depth scanning capabilities, and cloud-based access. By monitoring software producers, third-party code, and internal modules, Flexera simplifies software complexities, supporting compliance and risk management initiatives.

With the SBOM management functionality of Flexera One IT Visibility, users can:

• Create a comprehensive list of all third-party components in a distributed or hosted app, including components from commercial off the shelf (COTS) and open source software (OSS) components
• Establish a defined relationship between components (i.e. parent/child, dependency, related, etc.)
• Construct, ingest, and export SBOMs in industry standard formats, including SPDX and CycloneDX
• Provide additional reports about your applications’ security posture snapshot, including vulnerability disclosure reports (VDR) and vulnerability exploitability eXchange (VEX) reports.

Organizations can use this SBOM management feature to:

• Ingest third-party SBOMs: When enterprises receive SBOMs from their software vendors and suppliers, Flexera reads in SBOM data to integrate it with the existing information in its Flexera One Technopedia database. This process links the SBOM data to related IT asset information, including vulnerabilities and other risk factors, including end-of-life (EOL) details.
• Construct SBOMs when third-party SBOMs are not delivered: For vendor-supplied software that does not include an SBOM, creating one is essential. When enterprises ask vendors for SBOMs but the vendors are unable to provide them, enterprises can construct their own. Software developed in-house, sourced as software-as-a-service (SaaS), or obtained from external vendors contain a variety of components, such as open source and third-party code, in addition to commercial software. By gathering and analyzing this diverse data, enterprises can develop a cohesive and actionable understanding of their software inventory and manage the associated security risk.
• Assess impact of newly reported security vulnerabilities: When a vulnerability is identified and disclosed for a given application, Flexera One IT Visibility customers will be able to use vulnerability IDs to look up impacted applications and devices on which they are deployed, then rapidly develop mitigation/remediation plans across their IT estate.
  

More about SBOM management in Flexera One IT Visibility is available at https://www.flexera.com/flexera-one/it-visibility/sbom-management.

About Flexera

Flexera saves customers billions of dollars in wasted technology spend. A pioneer in hybrid ITAM and FinOps, Flexera provides award-winning, data-oriented SaaS solutions for technology value optimization (TVO), enabling IT, finance, procurement and cloud teams to gain deep insights into cost optimization, compliance and risks for each business service. Flexera One solutions are built on a set of definitive customer, supplier and industry data, powered by Technopedia, that enables organizations to visualize their Enterprise Technology Blueprint™ in hybrid environments—from on-premises to SaaS to containers to cloud. More than 50,000 customers subscribe to Flexera’s technology value optimization solutions, delivered by 1,300+ team members worldwide. Learn more at flexera.com.