Eracent SBOM Manager Reviews & Product Details

Eracent has 25 years' experience providing the highest quality foundational data, analysis, and reporting for IT Asset Management (ITAM), Software Asset Management (SAM), IT Service Management (ITSM), and Cybersecurity initiatives. Eracent SBOM Manager™ Most commercial and custom software applications contain at least some open source code. Typical vulnerability analysis tools do not inspect the individual open source components within applications, although any of these may contain vulnerabilities or obsolete code that can put your organization at risk. A Software Bill of Materials, or SBOM, is a file that provides an “ingredients list” of all libraries and components that make up an application. It shows the origin or DNA for each piece of code and is typically created by the publisher of the software. The Eracent SBOM Manager™ provides critical functionality for ensuring Software Supply Chain Security. Cyber Mandate Compliance: The Eracent SBOM Manager helps organizations minimize risks and comply with the requirements of cyber mandates, such as Executive Order 14028, Section 3305 of the Consolidated Appropriations Act of 2023, the Network and Information Security (NIS) Directive, The New York State Department of Financial Services’ 23 NYCRR500, and the Digital Operational Resilience Act (DORA) [Regulation (EU) 2022/2554]. Support for Software Consumers and Producers: While the Eracent SBOM Manager provides value to in-house and commercial application development teams, it is also unique in its approach to meeting the requirements of organizations that purchase or subscribe to software from numerous publishers. These “software consumers” will have to manage dozens, hundreds, or even thousands of SBOMs. Vulnerability Management: Any library or component may contain potential vulnerabilities that provide access for hackers, and typical vulnerability scanning tools do not look for potential issues “behind the scenes” within applications. Eracent SBOM Manager is continuously updated and leverages vulnerability data from NIST, GitHub, and other trusted global sources. It uses this data to display risk scores, levels of criticality, and more. Users may submit exemptions for review by CISOs and Risk Management teams if a lower risk score is justified based on how a product is utilized. Reduced Incident Response Time: As a centralized, single-source repository of libraries, components, and other related data, the Eracent SBOM Manager dramatically reduces response time when a vulnerability is reported since it eliminates the need to review SBOMs individually. License Risk Management: Open source code is licensed in numerous ways, defining how it may be utilized. Permissive licenses allow for the code to be used in many ways with few (or no) limitations. More restrictive license types, such as Strong CopyLeft, outline limitations of how the code may be utilized, what type of credit must be given to the developer, and more. If these conditions are not met, users may be forced to share their IP, or they may be subject to other legal and financial penalties. Eracent SBOM Manager provides visibility into license types for each component and library, reducing the risk of unknowingly using a library that has excessive restrictions when less risky options are available. Obsolescence Management: Older open source code may be obsolete, and undermanaged code can invite hacking activity. The Eracent SBOM Manager offers version tracking – the version in use, newer available versions, and version history – as well as lifecycle dates that support obsolescence management. The dedicated open source library within Eracent’s IT-Pedia® product data library provides a solid foundation for the Eracent SBOM Manager’s analysis and reporting.