ALEXANDRIA, Va., May 18, 2021 /PRNewswire/ -- In tandem with the recently published Executive Order that specifies Software Bills of Materials for vulnerability management in critical infrastructure, Ion Channel has announced public availability of its Software Bill of Materials (SBOM) analysis and monitoring platform for ongoing third-party risk management in regulated industries.

Ion Channel Provides Software Bill of Materials (SBOM) Management Platform to Meet Executive Order Requirements

As a leading participant in the U.S. Department of Commerce's Software Transparency initiative, Ion Channel has been coordinating with government agencies and regulated enterprises to analyze leading indicators of risk, as well as known vulnerabilities, in device and application SBOMs, and to provide ongoing risk metrics that meet regulatory and security requirements for cyber supply chain risk management (Cyber-SCRM). This technical capability extends Ion Channel Cyber-SCRM capabilities funded by the intelligence community, Defense Department and Department of Energy starting in 2015.

"SBOM management, as a component of third-party risk and supplier management, is a distinct use case and needs a solution that's fit for purpose," says JC Herz, Ion Channel's CEO. "Solutions designed for software developers, or scanners that only run inside a single enterprise, don't deliver for this use case because of seat licensing and constraints on access to the underlying data. Ion Channel's metered business model keeps SBOMs continuously monitored at an affordable price, with no seat licensing and full API access to detailed supply chain data that can flow into Security Operations Centers (SOCs), configuration management (CMDB), software asset (SAM) systems and procurement systems. This data can be shared and exchanged between customers and suppliers, regulators, auditors and accreditors, and this portability is essential for end-to-end supply chain risk management."

Ion Channel's automated verification of active software maintenance and supplier security response allows customers to enforce terms and conditions related to software supply chain risk management and cyber hygiene, and to give preferential procurement to suppliers who meet security criteria on an ongoing basis.

