Rezilion, an automated software security platform, announces today the expansion of its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. Through the expansion, Rezilion will provide organizations with a toolset to manage software vulnerabilities and meet regulatory standards for the 56 percent of software that’s built for Windows OS.
“We are seeing a widespread interest in adopting SBOMs as many organizations realize that their future security, risk, and compliance posture relies heavily on the need to see into their software supply chain,” said Liran Tancman, CEO, Rezilion. “A Dynamic SBOM that supports Windows environments widens the scope of possibility and gives the ability to a massive number of new customers to meet regulatory standards and detect and manage their software vulnerabilities strategically.”
While many tools exist for organizations to manage vulnerabilities in their software, most were initially built for use with Linux OS, resulting in gaps in functionality when they’re used for Windows.
A dearth of “Windows-first” tooling also affects organizations’ preparedness to comply with new regulations such as the President’s Executive Order (EO) 14028, which will require teams to provide regulators with a thorough inventory of their software environments and related vulnerabilities. The market has been slow to respond to this urgent need for better solutions. As evidence of this, Microsoft released its first, basic, open-source “Windows-first” SBOM generation tool in July.
As a result of these gaps, for organizations with large, legacy Windows environments (including critical infrastructures), a new threat on the scale of the “Y2K” scare of the late 1990s is emerging. Whether the pressure comes from attackers or regulators, these organizations must modernize their security standards or suffer the consequences of the looming risks ahead.
First released in May, Rezilion’s Dynamic SBOM can be deployed in all software environments – both Windows and Linux simultaneously – and provides a real-time, rather than static, inventory of all software components in a single graphical UI.
Rezilion’s solution also integrates dynamic runtime analysis to detect software vulnerabilities and to validate their actual exploitability, helping teams to clear away “false-positive” scan results and avoid wasteful patching work that shifts resources away from build activity.
Other key features and capabilities include:
Dynamic Identification – Instantly search and pinpoint vulnerable components such as Log4j across millions of files and on thousands of hosts, containers, and applications.
Holistic Insight & Control – View Windows and Linux risk side by side in one UI to get a complete picture of your attack surface, manage risk efficiently and comply with auditors.
Tackle Legacy Vulnerability Backlogs Efficiently – Aggregate detected vulnerabilities, filter out false positives and prioritize what matters to address risks quickly and meet modern remediation SLAs as defined by CISA with a fraction of the effort.
Learn more about Rezilion’s Dynamic SBOM at https://www.rezilion.com/platform/dynamic-sbom/.