Beyond Benign’s Green Chemistry Commitment Earns 2025 RSC Horizon Prize for Education for Advancing Green Chemistry in Higher Education

Beyond Benign’s Green Chemistry Commitment (GCC) has been awarded the Royal Society of Chemistry’s 2025 Horizon Prize for Education, recognizing its innovative approach to advancing green chemistry in higher education. The prize celebrates the GCC’s success in fostering a global community of practice that empowers educators to embed green chemistry into teaching, research, and institutional culture—preparing future scientists with the skills needed to address today’s sustainability challenges. This award recognizes groundbreaking, high-impact initiatives that are making a meaningful contribution to the advancement of chemistry education.

MilliporeSigma, the U.S. and Canada Life Science business of Merck KGaA, Darmstadt, Germany, began its relationship with Beyond Benign in 2013 with the aim to advance green chemistry education. In 2023, MilliporeSigma announced a multi-million-dollar, multi-year expanded partnership to transform chemistry in higher education, better preparing the next generation of scientists to address sustainability through chemistry by developing and implementing green chemistry and sustainable education resources.

Together, the organizations have delivered measurable global impact. The GCC has surpassed its original goal of 250 signers by the end of 2025, with more than 260 higher education institutions committed to embedding green chemistry across their programs.

MilliporeSigma has also helped strengthen Beyond Benign’s Green Chemistry Teaching and Learning Community (GCTLC) online platform. The GCTLC now provides 3,250+ users with 415 open-access curriculum resources that accelerate the integration of sustainability principles into chemistry education.

To date, the partnership has reached 1.9 million students through the GCC network, surpassing the 2025 target of 1.4 million. Progress also continues toward 2030 goals, including engaging 10,000 faculty and reaching 15.5 million students globally.

By supporting the expansion of green chemistry in higher education, MilliporeSigma is helping Beyond Benign shape a generation of scientists who view sustainability as foundational to innovation.

MilliporeSigma is a long-standing supporter of this work. The company embeds sustainability across its operations—from offering 4,500+ greener alternative products to supporting global access to science education—and its partnership with Beyond Benign further reinforces this commitment by accelerating the integration of green chemistry into higher education.

Beyond Benign’s Horizon Prize winner profile can be viewed on the Royal Society of Chemistry’s website. Educators interested in signing the GCC can do so on Beyond Benign’s website and register for the GCTLC platform to access its community and resources.


Unlocking Recycling Potential: HPRC Europe Completes Second-Phase Study on Healthcare Plastic Packaging Sorting

The Healthcare Plastics Recycling Council (HPRC) – Europe has published its latest case study, “Unlocking Recycling Potential: Automated Sorting Trials of Medical Plastic Waste.”

Building on insights from the first pilot in the Netherlands, which demonstrated the technical feasibility of manual sorting, this second-phase study tested automated sorting technologies under real-world conditions in Germany. Conducted in collaboration with Universitätsklinikum Bonn (UKB) and TOMRA, the trial assessed whether industrial-scale systems can reliably sort healthcare plastic packaging waste with the accuracy and throughput needed for sustainable recycling.

Key Findings:

  • Waste Stream Quality Matters: Clean, well-segregated packaging can be efficiently sorted, but contamination risks remain a critical challenge.
  • Automated Sorting Efficiency: 45% of rigid plastics were recovered into PP, PE, and PET streams; flexible packaging was sorted into PE, though multi-material films pose contamination risks.
  • Improved Separation Strategies: Point-of-use sorting and AI-based object recognition could enhance outcomes, supported by trained staff and proper hospital systems.
  • Design for Recyclability: Following HPRC’s Design Guidance improves sorting efficiency and waste value, creating potential revenue streams for hospitals.

Why It Matters:
Healthcare plastics represent a significant recycling opportunity, but scaling solutions requires collaboration across the value chain. This study provides evidence-based best practices for collection, logistics, and processing, bridging the gap between theoretical feasibility and practical implementation.

Project Partners:
HPRC coordinated the initiative with support from CIRCULARMED, UKB, TOMRA, and HPRC members DuPont, LyondellBasell, Baxter, and Nelipak.

Read the full study here.


This 18-Mile Stretch of Road Could Be the Future for Highways

The Ray’s executive director, Allie Kelly, was recently interviewed by Derek Van Dam of CNN.

They were featured riding the 18-mile stretch of highway in Southwest Georgia, highlighting technologies that are currently being demonstrated along the southbound highway and at the Georgia Visitor Information Center on I-85 North just before Exit 1 in West Point, Georgia.

“The Ray is focused on creating a safer, cleaner and more efficient support of the economy and our communities,” said Kelly. “Zero deaths, zero carbon emissions from vehicles, zero waste from the transportation sector.”

Watch the video interview here.


What the Best SBOM Solution Should Deliver

The Software Bill of Materials (SBOM) has become one of the most important tools in modern cybersecurity and software supply chain management. By listing the components that make up a piece of software or a device, SBOMs provide the visibility needed to assess vulnerabilities, ensure compliance, and maintain trust throughout the product lifecycle.

However, as SBOM adoption accelerates across industries, from industrial control systems to medical devices and telecommunications, many organizations are learning that not all SBOM solutions are created equal. Several widely used tools still struggle to meet the practical expectations and regulatory requirements emerging from frameworks such as the FDA guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions”, the EU Cyber Resilience Act (Regulation (EU) 2024/2847), PCI DSS v4.0, and CERT-In SBOM and extended BOM guidelines. Incomplete data, inconsistent formats, and overwhelming vulnerability lists have made it difficult for security teams to rely on SBOMs for actionable intelligence or for confident regulatory submissions.

To understand what the best SBOM solution should deliver, it’s important first to recognize that there are two distinct types of SBOM users: SBOM producers and SBOM consumers, each with their own needs and expectations.

SBOM Producers: Building Secure and Transparent Products

SBOM producers are manufacturers, software vendors, and device makers who generate SBOMs for the software and firmware they develop or integrate. Their primary objectives include:

  • Demonstrating transparency and compliance with regulations such as U.S. Executive Order 14028, the FDA guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions”, and the EU Cyber Resilience Act (Regulation (EU) 2024/2847).
  • Identifying and remediating vulnerabilities throughout the entire product lifecycle, not just during early development.
  • Continuously monitoring released products for newly disclosed vulnerabilities, in line with postmarket obligations under FDA cybersecurity postmarket guidance and the EU CRA, which requires manufacturers to report actively exploited vulnerabilities within 24 hours.
  • Prioritizing vulnerabilities, understanding available fixes, and ensuring timely remediation.
  • Providing and updating SBOMs for each new firmware or software release, sharing them with customers, partners, and regulators to maintain transparency and compliance.

For producers, the challenge lies in creating accurate, complete, and shareable SBOMs that truly represent what is shipped to customers, including third-party and open-source dependencies embedded deep within compiled binaries. Many still rely on limited, source-based tools that cannot detect components or vulnerabilities hidden in closed, proprietary, or native code, resulting in incomplete visibility and compliance gaps.

In addition, producers face increasing complexity in generating and maintaining VEX (Vulnerability Exploitability eXchange) documents, which communicate whether identified vulnerabilities actually affect a product and provide the vendor’s assessment and response regarding their exploitability. Creating accurate VEX data and keeping it synchronized with evolving SBOMs is often a manual, time-consuming process, especially when products have multiple versions or variants.

Producers must also manage secure and traceable distribution of both SBOM and VEX files to regulators, customers, and ecosystem partners, making automation, consistency, and lifecycle management essential features of the best SBOM solutions.

SBOM Consumers: Understanding and Managing Software Risks

SBOM consumers are asset owners, operators, and enterprise security teams who receive SBOMs from their suppliers or extract them directly from deployed devices. Their objectives differ from those of producers but are equally critical to maintaining a secure and resilient environment.

Their priorities include:

  • Identifying vulnerabilities in products and systems deployed across their environments.
  • Monitoring those vulnerabilities continuously against new disclosures, threat intelligence sources, and curated feeds such as the CISA Known Exploited Vulnerabilities (KEV) Catalog.
  • Correlating SBOM data with internal asset management systems.
  • Ensuring compliance with emerging software supply chain regulations and procurement security requirements.

For consumers, the biggest challenge remains trust: trust that the SBOMs they receive are accurate, complete, and regularly updated. Trust, however, is only part of the problem. Most organizations also lack a centralized platform capable of ingesting, managing, and maintaining large volumes of SBOMs from multiple suppliers, in different formats, and across multiple product categories. Without such a system, SBOMs remain siloed and quickly lose value as software evolves. Another significant challenge lies in the lack of reliable mapping between SBOM data and the organization’s actual asset inventory. Many consumers struggle to align specific SBOMs with deployed hardware, firmware, or software versions, preventing effective vulnerability monitoring and remediation.

Bridging the Gaps: What the Best SBOM Solution Should Deliver

Despite growing demand and regulatory momentum, most SBOM tools today still fall short in six critical areas: accuracy and coverage, vulnerability management, secure sharing, CVE overload, overall quality, and consumer SBOM visibility. Let’s examine each of these challenges, and what the best SBOM solution should provide to overcome them.

1. Accuracy and Coverage

Achieving 100% SBOM accuracy across complex supply chains is a high expectation. Modern software and firmware often include hundreds of components, some compiled, some statically linked, some inherited through nested dependencies. These complexities make perfect accuracy nearly impossible, especially for closed-source or third-party code. However, the best SBOM solution should strive for significantly improved accuracy and coverage through smarter analysis and more advanced detection techniques. Many existing SBOM tools rely solely on build-time or source-level scanning, which leaves blind spots when examining the actual binaries shipped to customers. This means that what’s in the SBOM might not reflect what’s in the deployed product. The best SBOM solution should:

  • Detect components from native binary code, including closed-source and proprietary components, not just from source or open-source packages, to accurately represent the actual software delivered to customers.
  • Accurately identify component name and versions and assign the correct unique identifiers, including both Common Platform Enumeration (CPE) and Package URL (PURL), to enable precise and reliable vulnerability mapping across different ecosystems.
  • Recognize both static and dynamic dependencies, capturing linked components that are often missed by surface-level scanners.
  • Produce results that comply with and support the latest versions of SBOM standards such as SPDX and CycloneDX, which continue to evolve to meet regulatory and industry requirements.
  • Generate SBOMs that include as many of the minimum required fields specified by standards as possible, ensuring completeness and interoperability for downstream consumption, compliance reporting, and automated vulnerability analysis, even when certain metadata cannot be fully extracted from binaries.

Keysight SBOM Manager achieves this with patent-pending binary SBOM detection technology that reveals deeply embedded components and improves accuracy and coverage for native code binaries. This approach gives both producers and consumers more confidence that the SBOM truly represents the software or device in use.

2. Vulnerability Correlation, Monitoring, and Context through Scalable VEX

Generating an SBOM is only the first step. Once released, software and firmware must be continuously monitored for newly disclosed vulnerabilities. However, many current SBOM tools fail to incorporate diverse and authoritative vulnerability intelligence sources, relying solely on the NVD (National Vulnerability Database) while overlooking vendor advisories, and other vulnerability and threat intelligence sources that provide crucial context. Without this broader perspective, organizations face incomplete or outdated risk assessments.

The best SBOM solution should:

  • Continuously correlate SBOM components against multiple data sources such as the NVD, the CISA Known Exploited Vulnerabilities (KEV) Catalog, OSVDB, GitHub security advisories, vendor advisories, and other vulnerability and threat intelligence sources.
  • Automatically track and flag newly disclosed vulnerabilities that affect components listed in generated or imported SBOMs.
  • Enable scalable generation of Vulnerability Exploitability eXchange (VEX) documents, which communicate whether identified vulnerabilities actually affect a product and provide the vendor’s assessment and response regarding their exploitability.
  • Manage VEX data in alignment with SBOM updates, ensuring both remain synchronized as products evolve.

Keysight SBOM Manager integrates multi-source vulnerability correlation, combining data from NVD, CISA KEV, OSVDB, GitHub security advisories, vendor advisories, and other sources to ensure accurate, up-to-date vulnerability intelligence. It continuously monitors SBOM components for new CVE disclosures and enables generation of VEX documents at scale, allowing security teams to easily incorporate exploitability context. By maintaining synchronization between SBOM and VEX data across versions, Keysight enables proactive and context-rich vulnerability management throughout the product lifecycle.

3. Scalable and Controlled SBOM Sharing

Regulations such as the EU Cyber Resilience Act and the FDA cybersecurity premarket guidance require manufacturers to maintain up-to-date SBOMs and make them available to regulators upon request as part of compliance and risk management obligations. While these regulations do not mandate sharing SBOMs directly with customers or partners, market demand is rapidly shifting in that direction. Increasingly, enterprise customers, integrators, and critical infrastructure operators require suppliers to provide SBOMs as part of their procurement and vendor assurance processes, often making SBOM transparency a precondition for purchase or continued partnership. Yet in practice, many organizations still share SBOMs manually through emails or file transfers, which are neither scalable nor secure. The best SBOM solution should:

  • Support controlled SBOM distribution through secure, role-based access.
  • Allow producers to share SBOMs and VEX documents directly with customers, partners, and regulators through dedicated portals or APIs.
  • Maintain version control and traceability, ensuring recipients always access the latest, verified version.
  • Provide human-readable views of SBOMs and VEX data for transparency and ease of review, which is crucial for regulatory and audit submissions.

This level of controlled, automated sharing transforms SBOMs from isolated compliance artifacts into living, shareable sources of product security truth.

Keysight SBOM Manager provides a centralized platform for secure and scalable SBOM distribution. Through role-based access control and built-in sharing workflows, producers can distribute SBOMs and VEX documents directly to customers, partners, and regulators without relying on manual file exchanges. Each shared SBOM is version-controlled and traceable, ensuring recipients always see the most recent and validated data. In addition, Keysight’s platform includes human-readable SBOM and VEX views, making it easier for non-technical stakeholders and regulators to review submissions with clarity and confidence.

4. Vulnerability Overload

A frequent frustration among SBOM users is vulnerability overload, when every potential vulnerability for every component is reported, regardless of relevance. While completeness sounds ideal in theory, in practice it overwhelms development and security teams, obscuring critical risks under a mountain of low-priority or irrelevant alerts. This issue is especially prevalent in SBOM tools that simply map every detected component to every associated CVE in the National Vulnerability Database (NVD) without any context. The best SBOM solution should:

  • Filter irrelevant vulnerabilities intelligently based on product context.
  • Support policy-based prioritization, allowing teams to focus on vulnerabilities that truly matter.
  • Enable preparation for CVE reachability analysis, distinguishing theoretical vulnerabilities from those that are actually exploitable.

While a few tools claim to perform vulnerability reachability analysis, their results are often inconclusive: a vulnerability that is not marked as “reachable” is not necessarily unexploitable. It simply means the tool found no evidence suggesting reachability or exploitability. Fully automated exploitability detection remains beyond current technological capabilities.

Keysight SBOM Manager takes a more pragmatic approach by automatically filtering out many irrelevant vulnerabilities that are certainly not applicable and prioritizing the rest according to defined policies. This enables security teams to spend less time sorting through data and more time addressing real security risks.
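The multi-source correlation, VEX handling and policy-based prioritization described in sections 2 and 4, as an added example that is not Keysight's code: an SBOM's components are joined to several advisory feeds, a KEV-style list and VEX statements, and the findings are ranked so that "not affected" entries disappear and known-exploited ones surface first. All feeds, CVE ids, PURLs and scores are constructed sample data; the `-sample` feed names are placeholders.

```python
"""Added example, not Keysight's code: correlate a CycloneDX-style SBOM
against several vulnerability sources, attach KEV and VEX context, and
rank the result by a simple policy so only relevant findings surface.
Every feed record, CVE id, PURL and score here is constructed sample data."""
from dataclasses import dataclass, field

# Constructed SBOM: a subset of CycloneDX component fields.
SBOM = {
    "components": [
        {"name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
        {"name": "zlib", "version": "1.2.13", "purl": "pkg:generic/zlib@1.2.13"},
        {"name": "busybox", "version": "1.35.0", "purl": "pkg:generic/busybox@1.35.0"},
    ]
}

# Constructed advisory feeds (stand-ins for NVD, vendor advisories, ...).
# The same CVE deliberately appears in two feeds to exercise de-duplication,
# and one record names a component that is not in the SBOM at all.
FEEDS = {
    "nvd-sample": [
        {"cve": "CVE-0000-0001", "purl": "pkg:generic/openssl@1.1.1k", "cvss": 9.8},
        {"cve": "CVE-0000-0002", "purl": "pkg:generic/openssl@1.1.1k", "cvss": 5.3},
        {"cve": "CVE-0000-0003", "purl": "pkg:generic/zlib@1.2.13", "cvss": 7.5},
        {"cve": "CVE-0000-0009", "purl": "pkg:generic/libxml2@2.9.0", "cvss": 9.1},
    ],
    "vendor-sample": [
        {"cve": "CVE-0000-0001", "purl": "pkg:generic/openssl@1.1.1k", "cvss": 9.8},
        {"cve": "CVE-0000-0004", "purl": "pkg:generic/busybox@1.35.0", "cvss": 4.0},
    ],
}

# Constructed stand-in for the CISA KEV catalog: CVE ids known to be exploited.
KEV = {"CVE-0000-0002"}

# Constructed VEX statements, modelled on CycloneDX "analysis" states.
VEX = {
    "CVE-0000-0003": {"state": "not_affected", "justification": "vulnerable_code_not_present"},
    "CVE-0000-0001": {"state": "in_triage"},
}


@dataclass
class Finding:
    cve: str
    purl: str
    cvss: float
    sources: set = field(default_factory=set)
    in_kev: bool = False
    vex_state: str = "unknown"


def correlate(sbom, feeds, kev, vex):
    """Join SBOM components to every advisory naming their PURL. A CVE seen in
    several feeds becomes one Finding carrying all of its sources."""
    purls = {c["purl"] for c in sbom["components"]}
    findings = {}
    for source, records in feeds.items():
        for rec in records:
            if rec["purl"] not in purls:          # e.g. libxml2: not our component
                continue
            key = (rec["cve"], rec["purl"])
            f = findings.setdefault(key, Finding(rec["cve"], rec["purl"], rec["cvss"]))
            f.sources.add(source)
            f.cvss = max(f.cvss, rec["cvss"])   # keep the highest reported score
            f.in_kev = rec["cve"] in kev
            f.vex_state = vex.get(rec["cve"], {}).get("state", "unknown")
    return sorted(findings.values(), key=lambda f: f.cve)


def prioritize(findings, min_cvss=7.0):
    """Policy: a VEX 'not_affected' statement removes a finding entirely;
    KEV entries always go to the action queue regardless of score; anything
    else below min_cvss is kept in a backlog rather than discarded."""
    action, backlog = [], []
    for f in findings:
        if f.vex_state == "not_affected":
            continue
        (action if f.in_kev or f.cvss >= min_cvss else backlog).append(f)
    action.sort(key=lambda f: (not f.in_kev, -f.cvss, f.cve))
    backlog.sort(key=lambda f: (-f.cvss, f.cve))
    return action, backlog


def newly_disclosed(findings, already_known):
    """Monitoring step: CVE ids that were not present in the previous run."""
    return sorted({f.cve for f in findings} - set(already_known))


if __name__ == "__main__":
    found = correlate(SBOM, FEEDS, KEV, VEX)
    act, back = prioritize(found)
    print("action:", [(f.cve, f.in_kev, f.cvss, sorted(f.sources)) for f in act])
    print("backlog:", [f.cve for f in back])
    print("new since last run:", newly_disclosed(found, {"CVE-0000-0001"}))
```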

5. Quality and Usability

Even a technically complete SBOM can be unusable if it contains inconsistent data, missing fields, or invalid relationships between components. Low-quality SBOMs cause import errors, break automated workflows, and lead to mistrust between suppliers and consumers, undermining the very purpose of software transparency. Quality in SBOMs is not just a best practice; it is increasingly a regulatory expectation. Frameworks and standards such as NTIA’s “Minimum Elements for a Software Bill of Materials (SBOM)” (2021), CISA’s “Minimum Elements for a Software Bill of Materials (SBOM) – 2025 Update”, the EU Cyber Resilience Act (Regulation (EU) 2024/2847), and regional initiatives like BSI Technical Guideline TR-03183-2: Software Bill of Materials (SBOM), and CERT-In’s Guidelines on SBOM, CBOM, QBOM, AIBOM, and HBOM (July 2025) define or reference minimum required fields that an SBOM must include to ensure interoperability and compliance. These fields typically cover critical attributes such as component name, version, supplier, unique identifier (CPE or PURL), dependency relationships, and other metadata. As these frameworks evolve, maintaining alignment with their requirements becomes essential for both product producers and consumers operating in regulated markets. The best SBOM solution should:

  • Detect and where possible correct data quality issues automatically, ensuring that generated SBOMs conform to required structural and semantic standards.
  • Validate unique identifiers, dependencies, and hierarchical relationships, maintaining consistency across components and subcomponents.
  • Fill in missing metadata where possible to approach the minimum required fields defined by regulatory and industry standards.
  • Support evolving formats including SPDX and CycloneDX, automatically adjusting to the latest schema versions and field requirements.
  • Generate high-quality, standards-compliant SBOMs that can be directly consumed by other tools without manual rework.

Keysight SBOM Manager incorporates advanced validation, correction, and normalization capabilities that ensure SBOMs meet the minimum required field expectations defined by CISA, BSI TR-03183, and CERT-In whenever possible. It automatically detects incomplete or inaccurate metadata, resolves naming or identifier inconsistencies, and enriches missing elements where derivable from binary or auxiliary data sources. By producing high-quality, standards-compliant, and regulator-ready SBOMs, Keysight SBOM Manager ensures that producers can confidently demonstrate compliance while consumers can integrate and analyze SBOMs reliably across their environments. For producers, this means consistent, submission-ready outputs across product lines. For consumers, it provides dependable, structured data they can act on confidently for vulnerability monitoring, procurement assurance, and compliance reporting.
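The identifier and minimum-field checks from sections 1 and 5, as an added example that is not Keysight's code: a CycloneDX-style SBOM is validated for component name, version, supplier, a CPE or PURL identifier, resolvable dependency references, and document author and timestamp, and then metadata that can be derived without guessing (a version carried in the PURL, a missing bom-ref) is filled in. The SBOM is constructed; the PURL and CPE patterns are simplified shape checks, not full parsers.

```python
"""Added example, not Keysight's code: validate a CycloneDX-style SBOM against
a minimum-elements checklist and fill in metadata derivable from what is
already present. The SBOM below is constructed; PURL_RE and CPE23_RE are
simplified syntax checks, not complete parsers."""
import copy
import re

PURL_RE = re.compile(r"^pkg:[a-z0-9.+-]+/[^\s@]+@[^\s]+$")   # pkg:type/name@version
CPE23_RE = re.compile(r"^cpe:2\.3(:[^:\s]+){11}$")            # cpe:2.3 + 11 fields

# Constructed SBOM with typical defects: no authors, a component without
# version or bom-ref, a component without supplier and with a malformed PURL,
# and a dependency reference that points at nothing.
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"timestamp": "2025-01-01T00:00:00Z"},
    "components": [
        {"bom-ref": "c1", "name": "openssl", "version": "1.1.1k",
         "supplier": {"name": "OpenSSL Project"},
         "purl": "pkg:generic/openssl@1.1.1k",
         "cpe": "cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*"},
        {"name": "zlib", "supplier": {"name": "zlib"},
         "purl": "pkg:generic/zlib@1.2.13"},
        {"bom-ref": "c3", "name": "busybox", "version": "1.35.0",
         "purl": "busybox-1.35.0"},
    ],
    "dependencies": [
        {"ref": "c1", "dependsOn": ["c3", "c9"]},
    ],
}


def validate(sbom):
    """Return a list of human-readable issues; an empty list means the SBOM
    carries the minimum elements and its dependency graph is self-consistent."""
    issues = []
    meta = sbom.get("metadata", {})
    if not meta.get("timestamp"):
        issues.append("metadata: missing timestamp")
    if not meta.get("authors"):
        issues.append("metadata: missing authors")
    refs = set()
    for i, c in enumerate(sbom.get("components", [])):
        label = f"component[{i}] {c.get('name', '?')}"
        for key in ("bom-ref", "name", "version"):
            if not c.get(key):
                issues.append(f"{label}: missing {key}")
        if not c.get("supplier", {}).get("name"):
            issues.append(f"{label}: missing supplier")
        if not c.get("purl") and not c.get("cpe"):
            issues.append(f"{label}: no unique identifier (purl or cpe)")
        if c.get("purl") and not PURL_RE.match(c["purl"]):
            issues.append(f"{label}: malformed purl {c['purl']!r}")
        if c.get("cpe") and not CPE23_RE.match(c["cpe"]):
            issues.append(f"{label}: malformed cpe {c['cpe']!r}")
        if c.get("bom-ref"):
            refs.add(c["bom-ref"])
    mentioned = set()
    for d in sbom.get("dependencies", []):
        for ref in [d.get("ref")] + list(d.get("dependsOn", [])):
            mentioned.add(ref)
            if ref not in refs:
                issues.append(f"dependencies: unknown ref {ref!r}")
    for ref in sorted(refs - mentioned):
        issues.append(f"dependencies: no relationship recorded for {ref!r}")
    return issues


def normalize(sbom):
    """Fill in only what is derivable: a version taken from a well-formed PURL
    and a bom-ref based on the PURL (or name@version). Supplier names, unknown
    dependency refs and malformed identifiers are left for human review rather
    than guessed."""
    out = copy.deepcopy(sbom)
    for c in out.get("components", []):
        purl = c.get("purl", "")
        valid_purl = bool(PURL_RE.match(purl))
        if not c.get("version") and valid_purl:
            c["version"] = purl.rsplit("@", 1)[1]
        if not c.get("bom-ref"):
            c["bom-ref"] = purl if valid_purl else f"{c.get('name', 'unknown')}@{c.get('version', '')}"
    return out


if __name__ == "__main__":
    for line in validate(SBOM):
        print("before:", line)
    for line in validate(normalize(SBOM)):
        print("after: ", line)
```

The zlib component gains a bom-ref during normalization, which in turn exposes that no dependency relationship was recorded for it; derived metadata closes some gaps and makes others visible.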

6. Enabling Consumers to Integrate SBOMs for Full Asset Visibility

True lifecycle management extends beyond the producer’s side. SBOM consumers must be able to ingest, normalize, and map SBOMs (whether provided by suppliers or generated internally from binaries) to their actual deployed assets. Without this linkage, even the most accurate SBOMs fail to provide actionable visibility into operational risk. The best SBOM solution should:

  • Enable centralized ingestion and normalization of SBOMs from multiple sources and formats.
  • Automatically map SBOM components to deployed assets, devices, and firmware versions in the organization’s environment.
  • Support continuous vulnerability monitoring tied to real asset inventories, not just theoretical component lists.
  • Provide dashboards and APIs that connect SBOM intelligence to asset management systems.

Keysight SBOM Manager provides a unified consumer view, enabling organizations to ingest SBOMs from both suppliers and internal analyses. It automatically correlates SBOM data with deployed assets and device inventories to pinpoint where vulnerabilities actually reside. The platform continuously monitors SBOM components against live vulnerability feeds and integrates seamlessly with existing asset management systems. It also supports advanced, comprehensive search capabilities: for example, when a new CVE is disclosed, users can identify all affected assets with a single click and visualize the full impact across organizations and devices through an impact graph.
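The consumer-side mapping in section 6, as an added example that is not Keysight's code: supplier SBOMs are tied to deployed assets through each SBOM's `metadata.component` (product name and firmware version), and a newly disclosed CVE is walked through the graph CVE → component → firmware build → asset to list the affected assets by site, while assets with no SBOM on file are reported as unassessed. The inventory, SBOMs and CVE id are constructed sample data; matching is on exact PURL, whereas real feeds also express version ranges.

```python
"""Added example, not Keysight's code: link supplier SBOMs to a deployed-asset
inventory and answer "which assets does this new CVE reach?" via a small
impact graph (CVE -> component -> SBOM/firmware -> asset).
All inventory records, SBOMs and CVE ids below are constructed sample data."""
from collections import defaultdict

# Constructed asset inventory: what is actually deployed, and where.
ASSETS = [
    {"id": "plc-01", "site": "plant-a", "model": "PLC-X", "firmware": "2.1.0"},
    {"id": "plc-02", "site": "plant-a", "model": "PLC-X", "firmware": "2.0.3"},
    {"id": "gw-01", "site": "plant-b", "model": "GW-7", "firmware": "5.4.1"},
    {"id": "gw-02", "site": "plant-b", "model": "GW-7", "firmware": "5.5.0"},
    {"id": "hmi-01", "site": "plant-b", "model": "HMI-3", "firmware": "1.0.0"},  # no SBOM
]

# Constructed supplier SBOMs (CycloneDX-style subset). metadata.component names
# the product build the SBOM describes; components are its parts.
SBOMS = [
    {"metadata": {"component": {"name": "PLC-X", "version": "2.1.0"}},
     "components": [{"purl": "pkg:generic/openssl@1.1.1k"}, {"purl": "pkg:generic/zlib@1.2.13"}]},
    {"metadata": {"component": {"name": "PLC-X", "version": "2.0.3"}},
     "components": [{"purl": "pkg:generic/openssl@1.1.1g"}, {"purl": "pkg:generic/zlib@1.2.11"}]},
    {"metadata": {"component": {"name": "GW-7", "version": "5.4.1"}},
     "components": [{"purl": "pkg:generic/zlib@1.2.11"}, {"purl": "pkg:generic/busybox@1.35.0"}]},
    {"metadata": {"component": {"name": "GW-7", "version": "5.5.0"}},
     "components": [{"purl": "pkg:generic/zlib@1.2.13"}, {"purl": "pkg:generic/busybox@1.36.1"}]},
]


def index_sboms(sboms):
    """(product name, version) -> set of component PURLs, keyed by each SBOM's
    metadata.component, which is what ties an SBOM to a specific firmware build."""
    index = {}
    for s in sboms:
        top = s["metadata"]["component"]
        index[(top["name"], top["version"])] = {c["purl"] for c in s["components"]}
    return index


def map_assets(assets, index):
    """Attach each deployed asset to the SBOM for its exact model/firmware.
    Assets with no matching SBOM are returned, not dropped: they are blind
    spots in vulnerability monitoring and need an SBOM request or a binary scan."""
    mapped, unmapped = {}, []
    for a in assets:
        key = (a["model"], a["firmware"])
        if key in index:
            mapped[a["id"]] = key
        else:
            unmapped.append(a["id"])
    return mapped, sorted(unmapped)


def impact(cve, affected_purls, assets, sboms):
    """Walk CVE -> component -> firmware build -> asset and return the blast
    radius grouped by site, plus the assets that could not be assessed."""
    index = index_sboms(sboms)
    mapped, unmapped = map_assets(assets, index)
    hit_builds = {key for key, purls in index.items() if purls & set(affected_purls)}
    site_of = {a["id"]: a["site"] for a in assets}
    by_site = defaultdict(list)
    for asset_id, key in mapped.items():
        if key in hit_builds:
            by_site[site_of[asset_id]].append(asset_id)
    return {
        "cve": cve,
        "components": sorted(set(affected_purls)),
        "firmware": sorted(hit_builds),
        "assets_by_site": {s: sorted(ids) for s, ids in sorted(by_site.items())},
        "unassessed": unmapped,
    }


if __name__ == "__main__":
    # Constructed disclosure: a CVE said to affect zlib 1.2.11 only.
    print(impact("CVE-0000-0003", {"pkg:generic/zlib@1.2.11"}, ASSETS, SBOMS))
```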

A Comprehensive Approach: Bridging the Gaps Across the SBOM Lifecycle

Each of these six pillars is essential, but what sets the best SBOM solution apart is the ability to bring them together into one cohesive platform. Keysight SBOM Manager was purpose-built to unify these capabilities and serve both sides of the SBOM equation:

SBOM Generator provides deep binary analysis and accurate component identification.

SBOM Studio enables product producers to manage, validate, monitor, and share SBOMs and vulnerabilities through the entire lifecycle.

SBOM Consumer empowers users and asset owners to ingest supplier SBOMs, assess vulnerabilities, and track ongoing risks.

This ecosystem bridges the traditional gap between producers and consumers by transforming SBOMs from static compliance artifacts into living security assets.

Conclusion: From Compliance to Confidence

The global push for software supply chain transparency is reshaping how organizations manage product security. Yet, visibility alone is not enough. The real challenge lies in trusting that visibility, trusting that your SBOM data is accurate, complete, and actionable. The best SBOM solution is not the one that generates the most data, but the one that delivers the most reliable and actionable insight. It must address every stage of the SBOM lifecycle and the needs of both producers and consumers by excelling in the following six pillars:

  • Accuracy and Coverage – delivering comprehensive visibility into open-source, closed-source, and proprietary components within complex binaries.
  • Vulnerability Correlation, Monitoring, and Context through Scalable VEX – ensuring continuous vulnerability intelligence across multiple data sources and providing contextual VEX information to assess exploitability.
  • Scalable and Controlled SBOM Sharing – enabling secure, traceable, and regulator-ready SBOM and VEX distribution with role-based access and version control.
  • Vulnerability Overload – reducing noise by filtering out irrelevant vulnerabilities and prioritizing vulnerabilities based on relevance, exploitability, and product context.
  • Quality and Usability – maintaining high data integrity, adherence to evolving SBOM standards, and inclusion of as many minimum required fields as possible to ensure reliable downstream use.
  • Enabling Consumers to Integrate SBOMs for Full Asset Visibility – allowing SBOM consumers to ingest, normalize, and map SBOMs to deployed assets for accurate vulnerability tracking.

With Keysight SBOM Manager, organizations can achieve this balance by bridging the gaps in SBOM accuracy, quality, and usability to move beyond compliance and build true supply chain confidence.

Posted in UncategorizedTagged

What the Best SBOM Solution Should Deliver

The Software Bill of Materials (SBOM) has become one of the most important tools in modern cybersecurity and software supply chain management. By listing the components that make up a piece of software or a device, SBOMs provide the visibility needed to assess vulnerabilities, ensure compliance, and maintain trust throughout the product lifecycle.

However, as SBOM adoption accelerates across industries, from industrial control systems to medical devices and telecommunications, many organizations are learning that not all SBOM solutions are created equal. Several widely used tools still struggle to meet the practical expectations and regulatory requirements emerging from frameworks such as the FDA guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions”, the EU Cyber Resilience Act (Regulation (EU) 2024/2847), PCI DSS v4.0, and CERT-In SBOM and extended BOM guidelines. Incomplete data, inconsistent formats, and overwhelming vulnerability lists have made it difficult for security teams to rely on SBOMs for actionable intelligence or for confident regulatory submissions.

To understand what the best SBOM solution should deliver, it’s important first to recognize that there are two distinct types of SBOM users, SBOM producers and SBOM consumers, each with unique needs and expectations.

SBOM Producers: Building Secure and Transparent Products

SBOM producers are manufacturers, software vendors, and device makers who generate SBOMs for the software and firmware they develop or integrate. Their primary objectives include:

  • Demonstrating transparency and compliance with regulations such as U.S. Executive Order 14028, the FDA guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions”, and the EU Cyber Resilience Act (Regulation (EU) 2024/2847).
  • Identifying and remediating vulnerabilities throughout the entire product lifecycle, not just during early development.
  • Continuously monitoring released products for newly disclosed vulnerabilities, in line with postmarket obligations under FDA cybersecurity postmarket guidance and the EU CRA, which requires manufacturers to report actively exploited vulnerabilities within 24 hours.
  • Prioritizing vulnerabilities, understanding available fixes, and ensuring timely remediation.
  • Providing and updating SBOMs for each new firmware or software release, sharing them with customers, partners, and regulators to maintain transparency and compliance.

For producers, the challenge lies in creating accurate, complete, and shareable SBOMs that truly represent what is shipped to customers, including third-party and open-source dependencies embedded deep within compiled binaries. Many still rely on limited, source-based tools that cannot detect components or vulnerabilities hidden in closed, proprietary, or native code, resulting in incomplete visibility and compliance gaps.

In addition, producers face increasing complexity in generating and maintaining VEX (Vulnerability Exploitability eXchange) documents, which communicate whether identified vulnerabilities actually affect a product and provide the vendor’s assessment and response regarding their exploitability. Creating accurate VEX data and keeping it synchronized with evolving SBOMs is often a manual, time-consuming process, especially when products have multiple versions or variants.

Producers must also manage secure and traceable distribution of both SBOM and VEX files to regulators, customers, and ecosystem partners making automation, consistency, and lifecycle management essential features of the best SBOM solutions.

SBOM Consumers: Understanding and Managing Software Risks

SBOM consumers are asset owners, operators, and enterprise security teams who receive SBOMs from their suppliers or extract them directly from deployed devices. Their objectives differ from those of producers but are equally critical to maintaining a secure and resilient environment.

Their priorities include:

  • Identifying vulnerabilities in products and systems deployed across their environments.
  • Monitoring those vulnerabilities continuously against new disclosures, threat intelligence sources, and curated feeds such as the CISA Known Exploited Vulnerabilities (KEV) Catalog.
  • Correlating SBOM data with internal asset management systems.
  • Ensuring compliance with emerging software supply chain regulations and procurement security requirements.

For consumers, the biggest challenge remains trust: trust that the SBOMs they receive are accurate, complete, and regularly updated. However, trust is only part of the problem. Most organizations also lack a centralized platform capable of ingesting, managing, and maintaining large volumes of SBOMs from multiple suppliers, in different formats, and across multiple product categories. Without such a system, SBOMs remain siloed and quickly lose value as software evolves. Another significant challenge lies in the lack of reliable mapping between SBOM data and the organization’s actual asset inventory. Many consumers struggle to align specific SBOMs with deployed hardware, firmware, or software versions, preventing effective vulnerability monitoring and remediation.

Bridging the Gaps: What the Best SBOM Solution Should Deliver

Despite growing demand and regulatory momentum, most SBOM tools today still fall short in six critical areas: accuracy and coverage, vulnerability management, secure sharing, vulnerability overload, overall quality, and consumer SBOM visibility. Let’s examine each of these challenges and what the best SBOM solution should provide to overcome them.

1. Accuracy and Coverage

Achieving 100% SBOM accuracy across complex supply chains is a high expectation. Modern software and firmware often include hundreds of components, some compiled, some statically linked, some inherited through nested dependencies. These complexities make perfect accuracy nearly impossible, especially for closed-source or third-party code. However, the best SBOM solution should strive for significantly improved accuracy and coverage through smarter analysis and more advanced detection techniques. Many existing SBOM tools rely solely on build-time or source-level scanning, which leaves blind spots when examining the actual binaries shipped to customers. This means that what’s in the SBOM might not reflect what’s in the deployed product. The best SBOM solution should:

  • Detect components from native binary code, including closed-source and proprietary components, not just from source or open-source packages, to accurately represent the actual software delivered to customers.
  • Accurately identify component names and versions and assign the correct unique identifiers, including both Common Platform Enumeration (CPE) and Package URL (PURL), to enable precise and reliable vulnerability mapping across different ecosystems.
  • Recognize both static and dynamic dependencies, capturing linked components that are often missed by surface-level scanners.
  • Produce results that comply with and support the latest versions of SBOM standards such as SPDX and CycloneDX, which continue to evolve to meet regulatory and industry requirements.
  • Generate SBOMs that include as many of the minimum required fields specified by standards as possible, ensuring completeness and interoperability for downstream consumption, compliance reporting, and automated vulnerability analysis, even when certain metadata cannot be fully extracted from binaries.

Keysight SBOM Manager achieves this with patent-pending binary SBOM detection technology that reveals deeply embedded components and improves accuracy and coverage for native code binaries. This approach gives both producers and consumers more confidence that the SBOM truly represents the software or device in use.

2. Vulnerability Correlation, Monitoring, and Context through Scalable VEX

Generating an SBOM is only the first step. Once released, software and firmware must be continuously monitored for newly disclosed vulnerabilities. However, many current SBOM tools fail to incorporate diverse and authoritative vulnerability intelligence sources, relying solely on the NVD (National Vulnerability Database) while overlooking vendor advisories, and other vulnerability and threat intelligence sources that provide crucial context. Without this broader perspective, organizations face incomplete or outdated risk assessments.

The best SBOM solution should:

  • Continuously correlate SBOM components against multiple data sources such as the NVD, the CISA Known Exploited Vulnerabilities (KEV) Catalog, OSVDB, GitHub security advisories, vendor advisories, and other vulnerability and threat intelligence sources.
  • Automatically track and flag newly disclosed vulnerabilities that affect components listed in generated or imported SBOMs.
  • Enable scalable generation of Vulnerability Exploitability eXchange (VEX) documents, which communicate whether identified vulnerabilities actually affect a product and provide the vendor’s assessment and response regarding their exploitability.
  • Manage VEX data in alignment with SBOM updates, ensuring both remain synchronized as products evolve.

Keysight SBOM Manager integrates multi-source vulnerability correlation, combining data from NVD, CISA KEV, OSVDB, GitHub security advisories, vendor advisories, and other sources to ensure accurate, up-to-date vulnerability intelligence. It continuously monitors SBOM components for new CVE disclosures and enables generation of VEX documents at scale, allowing security teams to easily incorporate exploitability context. By maintaining synchronization between SBOM and VEX data across versions, Keysight enables proactive and context-rich vulnerability management throughout the product lifecycle.

3. Scalable and Controlled SBOM Sharing

Regulations such as the EU Cyber Resilience Act and the FDA cybersecurity premarket guidance require manufacturers to maintain up-to-date SBOMs and make them available to regulators upon request as part of compliance and risk management obligations. While these regulations do not mandate sharing SBOMs directly with customers or partners, market demand is rapidly shifting in that direction. Increasingly, enterprise customers, integrators, and critical infrastructure operators require suppliers to provide SBOMs as part of their procurement and vendor assurance processes, often making SBOM transparency a precondition for purchase or continued partnership. Yet in practice, many organizations still share SBOMs manually through emails or file transfers, which are neither scalable nor secure. The best SBOM solution should:

  • Support controlled SBOM distribution through secure, role-based access.
  • Allow producers to share SBOMs and VEX documents directly with customers, partners, and regulators through dedicated portals or APIs.
  • Maintain version control and traceability, ensuring recipients always access the latest, verified version.
  • Provide human-readable views of SBOMs and VEX data for transparency and ease of review, which is crucial for regulatory and audit submissions.

This level of controlled, automated sharing transforms SBOMs from isolated compliance artifacts into living, shareable sources of product security truth.

Keysight SBOM Manager provides a centralized platform for secure and scalable SBOM distribution. Through role-based access control and built-in sharing workflows, producers can distribute SBOMs and VEX documents directly to customers, partners, and regulators without relying on manual file exchanges. Each shared SBOM is version-controlled and traceable, ensuring recipients always see the most recent and validated data. In addition, Keysight’s platform includes human-readable SBOM and VEX views, making it easier for non-technical stakeholders and regulators to review submissions with clarity and confidence.

4. Vulnerability Overload

A frequent frustration among SBOM users is vulnerability overload, when every potential vulnerability for every component is reported, regardless of relevance. While completeness sounds ideal in theory, in practice it overwhelms development and security teams, obscuring critical risks under a mountain of low-priority or irrelevant alerts. This issue is especially prevalent in SBOM tools that simply map every detected component to every associated CVE in the National Vulnerability Database (NVD) without any context. The best SBOM solution should:

  • Filter irrelevant vulnerabilities intelligently based on product context.
  • Support policy-based prioritization, allowing teams to focus on vulnerabilities that truly matter.
  • Enable preparation for CVE reachability analysis, distinguishing theoretical vulnerabilities from those that are actually exploitable.

While a few tools claim to perform vulnerability reachability analysis, their results are often inconclusive: a vulnerability that is not marked as “reachable” is not necessarily one that cannot be exploited. It simply indicates that the tools found no evidence suggesting reachability or exploitability. Fully automated exploitability detection remains beyond current technological capabilities.

Keysight SBOM Manager takes a more pragmatic approach by automatically filtering out many irrelevant vulnerabilities that are certainly not applicable and prioritizing the rest according to defined policies. This enables security teams to spend less time sorting through data and more time addressing real security risks.
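As an added illustration of the correlation, context-filtering, and VEX points raised in sections 2 and 4 (example code written for this page, not Keysight's implementation), the script below joins a constructed CycloneDX SBOM to a constructed vulnerability feed and KEV list, records platform-scoped advisories as not_affected instead of silently dropping them, ranks the remaining findings with a simple KEV-then-CVSS policy, and emits a CycloneDX VEX whose `affects` references pin the SBOM serial number and version. Every component, feed entry, and CVE-format identifier here is a placeholder; the `platform` property and the priority policy are assumptions made for the example.

```python
"""Correlate a CycloneDX SBOM against vulnerability feeds, set aside findings
that product context rules out, prioritise the rest by policy, and emit a
CycloneDX VEX bound to the exact SBOM revision. All data here is constructed."""
import json

# Constructed CycloneDX 1.5 SBOM for a hypothetical firmware image.
SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "serialNumber": "urn:uuid:00000000-0000-4000-8000-000000000001", "version": 3,
    "metadata": {"component": {"type": "firmware", "name": "pump-controller-fw",
                               "version": "2.4.1",
                               "properties": [{"name": "platform", "value": "linux"}]}},
    "components": [
        {"bom-ref": "c1", "type": "library", "name": "openssl", "version": "1.1.1k",
         "purl": "pkg:generic/openssl@1.1.1k"},
        {"bom-ref": "c2", "type": "library", "name": "zlib", "version": "1.2.11",
         "purl": "pkg:generic/zlib@1.2.11"},
        {"bom-ref": "c3", "type": "library", "name": "curl", "version": "7.79.0",
         "purl": "pkg:generic/curl@7.79.0"},
    ],
}

# Constructed feed in the shape of merged NVD + vendor-advisory data. The IDs
# are placeholders in CVE format, not real advisories. "platforms" carries the
# advisory's stated scope (empty = applies everywhere).
FEED = [
    {"id": "CVE-0000-0001", "purl": "pkg:generic/openssl@1.1.1k", "cvss": 7.5, "platforms": []},
    {"id": "CVE-0000-0002", "purl": "pkg:generic/zlib@1.2.11", "cvss": 9.8, "platforms": []},
    {"id": "CVE-0000-0003", "purl": "pkg:generic/curl@7.79.0", "cvss": 8.1, "platforms": ["windows"]},
    {"id": "CVE-0000-0004", "purl": "pkg:generic/curl@7.79.0", "cvss": 4.3, "platforms": []},
    {"id": "CVE-0000-0005", "purl": "pkg:generic/busybox@1.35.0", "cvss": 9.1, "platforms": []},
]
KEV = {"CVE-0000-0001"}  # constructed stand-in for the CISA KEV catalog


def product_platform(sbom):
    """Read the product's platform property; this is the 'product context'."""
    props = sbom["metadata"]["component"].get("properties", [])
    return next((p["value"] for p in props if p["name"] == "platform"), None)


def correlate(sbom, feed):
    """Join feed entries to SBOM components on PURL. Entries whose PURL is not
    in the SBOM (busybox above) are simply not findings for this product."""
    by_purl = {c["purl"]: c for c in sbom["components"] if "purl" in c}
    return [(by_purl[f["purl"]], f) for f in feed if f["purl"] in by_purl]


def triage(sbom, feed, kev, cvss_floor=7.0):
    """Filter by product context, then rank by policy: KEV first, then CVSS."""
    platform = product_platform(sbom)
    results = []
    for comp, f in correlate(sbom, feed):
        if f["platforms"] and platform not in f["platforms"]:
            # Advisory is scoped to a platform this product never runs on:
            # certainly not applicable, so record it as not_affected with a reason.
            results.append({"id": f["id"], "ref": comp["bom-ref"], "state": "not_affected",
                            "justification": "requires_environment", "priority": "none"})
            continue
        if f["id"] in kev:
            priority = "critical"  # known to be exploited in the wild
        elif f["cvss"] >= cvss_floor:
            priority = "high"
        else:
            priority = "low"
        # Applicability is confirmed but exploitability is not: leave the finding
        # in_triage until the vendor assesses it rather than guessing a status.
        results.append({"id": f["id"], "ref": comp["bom-ref"], "state": "in_triage",
                        "justification": None, "priority": priority})
    return results


def bom_link(sbom, bom_ref):
    """CycloneDX BOM-Link: urn:cdx:<uuid>/<version>#<bom-ref>. Pinning the SBOM
    version is what keeps VEX and SBOM synchronised across releases."""
    uuid = sbom["serialNumber"].removeprefix("urn:uuid:")
    return f"urn:cdx:{uuid}/{sbom['version']}#{bom_ref}"


def build_vex(sbom, findings):
    """Emit a standalone CycloneDX VEX document for the triaged findings."""
    vulns = []
    for t in findings:
        analysis = {"state": t["state"]}
        if t["justification"]:
            analysis["justification"] = t["justification"]
        vulns.append({"id": t["id"], "affects": [{"ref": bom_link(sbom, t["ref"])}],
                      "analysis": analysis,
                      "properties": [{"name": "triage:priority", "value": t["priority"]}]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "metadata": {"component": sbom["metadata"]["component"]},
            "vulnerabilities": vulns}


if __name__ == "__main__":
    print(json.dumps(build_vex(SBOM, triage(SBOM, FEED, KEV)), indent=2))
```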

5. Quality and Usability

Even a technically complete SBOM can be unusable if it contains inconsistent data, missing fields, or invalid relationships between components. Low-quality SBOMs cause import errors, break automated workflows, and lead to mistrust between suppliers and consumers, undermining the very purpose of software transparency. Quality in SBOMs is not just a best practice; it is increasingly a regulatory expectation. Frameworks and standards such as NTIA’s “Minimum Elements for a Software Bill of Materials (SBOM)” (2021), CISA’s “Minimum Elements for a Software Bill of Materials (SBOM) – 2025 Update”, the EU Cyber Resilience Act (Regulation (EU) 2024/2847), and regional initiatives like BSI Technical Guideline TR-03183-2: Software Bill of Materials (SBOM), and CERT-In’s Guidelines on SBOM, CBOM, QBOM, AIBOM, and HBOM (July 2025) define or reference minimum required fields that an SBOM must include to ensure interoperability and compliance. These fields typically cover critical attributes such as component name, version, supplier, unique identifier (CPE or PURL), dependency relationships, and other metadata. As these frameworks evolve, maintaining alignment with their requirements becomes essential for both product producers and consumers operating in regulated markets. The best SBOM solution should:

  • Detect and, where possible, correct data quality issues automatically, ensuring that generated SBOMs conform to required structural and semantic standards.
  • Validate unique identifiers, dependencies, and hierarchical relationships, maintaining consistency across components and subcomponents.
  • Fill in missing metadata where possible to approach the minimum required fields defined by regulatory and industry standards.
  • Support evolving formats including SPDX and CycloneDX, automatically adjusting to the latest schema versions and field requirements.
  • Generate high-quality, standards-compliant SBOMs that can be directly consumed by other tools without manual rework.

Keysight SBOM Manager incorporates advanced validation, correction, and normalization capabilities that ensure SBOMs meet the minimum required field expectations defined by CISA, BSI TR-03183, and CERT-In whenever possible. It automatically detects incomplete or inaccurate metadata, resolves naming or identifier inconsistencies, and enriches missing elements where derivable from binary or auxiliary data sources. By producing high-quality, standards-compliant, and regulator-ready SBOMs, Keysight SBOM Manager ensures that producers can confidently demonstrate compliance while consumers can integrate and analyze SBOMs reliably across their environments. For producers, this means consistent, submission-ready outputs across product lines. For consumers, it provides dependable, structured data they can act on confidently for vulnerability monitoring, procurement assurance, and compliance reporting.
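A minimal checker for the minimum-element and relationship rules discussed in this section, added here as an example and not taken from Keysight SBOM Manager. The CycloneDX document it inspects is constructed with deliberate defects (a duplicate bom-ref, a missing version, missing suppliers, a malformed PURL, and a dangling dependency), and the `enrich` step shows one kind of derivable fix: synthesising a generic-type PURL from name and version and labelling it as derived. The regular expressions are loose shape checks, not the full PURL or CPE grammars.

```python
"""Validate a CycloneDX JSON SBOM against a minimum-elements checklist and
derive what metadata can be derived. The SBOM below is constructed and
deliberately flawed so every check fires at least once."""
import copy
import re
from collections import Counter

PURL_RE = re.compile(r"^pkg:[a-z0-9.+-]+/.+@.+$")  # loose shape check, not the full grammar
CPE23_RE = re.compile(r"^cpe:2\.3:[aho]:")          # CPE 2.3 formatted-string prefix

BAD_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "serialNumber": "urn:uuid:00000000-0000-4000-8000-0000000000ab", "version": 1,
    "metadata": {"timestamp": "2025-01-01T00:00:00Z",
                 "component": {"type": "firmware", "name": "gateway-fw", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "a", "type": "library", "name": "openssl", "version": "3.0.7",
         "supplier": {"name": "OpenSSL Project"}, "purl": "pkg:generic/openssl@3.0.7",
         "cpe": "cpe:2.3:a:openssl:openssl:3.0.7:*:*:*:*:*:*:*"},
        {"bom-ref": "b", "type": "library", "name": "zlib", "version": "1.2.13"},  # no supplier, no id
        {"bom-ref": "b", "type": "library", "name": "libxml2"},                     # duplicate ref, no version
        {"bom-ref": "d", "type": "library", "name": "sqlite", "version": "3.40.0",
         "supplier": {"name": "SQLite"}, "purl": "sqlite-3.40.0"},                 # malformed purl
    ],
    "dependencies": [
        {"ref": "a", "dependsOn": ["b"]},
        {"ref": "d", "dependsOn": ["zzz"]},  # dangling reference
    ],
}


def validate(sbom):
    """Return a list of (severity, bom-ref, message). 'error' breaks downstream
    tooling (import failures, unresolvable graph); 'warn' marks a minimum-elements
    gap that a consumer will notice but can still load."""
    issues = []
    comps = sbom.get("components", [])
    refs = Counter(c.get("bom-ref") for c in comps)
    for ref, n in refs.items():
        if ref is None:
            issues.append(("error", None, "component without bom-ref"))
        elif n > 1:
            issues.append(("error", ref, f"bom-ref used {n} times"))
    for c in comps:
        ref = c.get("bom-ref")
        for field in ("name", "version"):
            if not c.get(field):
                issues.append(("error", ref, f"missing {field}"))
        if not c.get("supplier", {}).get("name"):
            issues.append(("warn", ref, "missing supplier"))
        purl, cpe = c.get("purl"), c.get("cpe")
        if purl and not PURL_RE.match(purl):
            issues.append(("error", ref, f"malformed purl {purl!r}"))
        if cpe and not CPE23_RE.match(cpe):
            issues.append(("error", ref, f"malformed cpe {cpe!r}"))
        if not purl and not cpe:
            issues.append(("warn", ref, "no unique identifier (purl or cpe)"))
    known = set(refs)
    for dep in sbom.get("dependencies", []):
        if dep.get("ref") not in known:
            issues.append(("error", dep.get("ref"), "dependency entry for unknown ref"))
        for target in dep.get("dependsOn", []):
            if target not in known:
                issues.append(("error", dep.get("ref"), f"dependsOn dangling ref {target!r}"))
    return issues


def enrich(sbom):
    """Derive a generic-type PURL for components that have a name and version but
    no identifier, stamping each derived value so consumers can tell it apart from
    vendor-asserted data. Returns (new_sbom, list_of_refs_touched); input is untouched."""
    out = copy.deepcopy(sbom)
    derived = []
    for c in out.get("components", []):
        if c.get("name") and c.get("version") and not c.get("purl") and not c.get("cpe"):
            c["purl"] = f"pkg:generic/{c['name']}@{c['version']}"
            c.setdefault("properties", []).append(
                {"name": "sbom:derived", "value": "purl synthesised from name/version"})
            derived.append(c.get("bom-ref"))
    return out, derived


if __name__ == "__main__":
    for sev, ref, msg in validate(BAD_SBOM):
        print(f"{sev:5} {ref!s:4} {msg}")
    fixed, touched = enrich(BAD_SBOM)
    print("derived identifiers for:", touched)
```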

6. Enabling Consumers to Integrate SBOMs for Full Asset Visibility

True lifecycle management extends beyond the producer’s side. SBOM consumers must be able to ingest, normalize, and map SBOMs (whether provided by suppliers or generated internally from binaries) to their actual deployed assets. Without this linkage, even the most accurate SBOMs fail to provide actionable visibility into operational risk. The best SBOM solution should:

  • Enable centralized ingestion and normalization of SBOMs from multiple sources and formats.
  • Automatically map SBOM components to deployed assets, devices, and firmware versions in the organization’s environment.
  • Support continuous vulnerability monitoring tied to real asset inventories, not just theoretical component lists.
  • Provide dashboards and APIs that connect SBOM intelligence to asset management systems.

Keysight SBOM Manager provides a unified consumer view, enabling organizations to ingest SBOMs from both suppliers and internal analyses. It automatically correlates SBOM data with deployed assets and device inventories to pinpoint where vulnerabilities actually reside. The platform continuously monitors SBOM components against live vulnerability feeds and integrates seamlessly with existing asset management systems. It also supports advanced, comprehensive search capabilities: for example, when a new CVE is disclosed, users can identify all affected assets with a single click and visualize the full impact across organizations and devices through an impact graph.
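An added example of the consumer-side workflow in this section, written for this page and not Keysight's code: it normalises a constructed SPDX 2.3 document and a constructed CycloneDX 1.5 document into one component view keyed by PURL, joins that view to a constructed asset inventory, and answers which deployed assets contain the components named in a new advisory. It assumes that inventory records match an SBOM on product name and version, and it reports assets for which no SBOM is on file rather than treating them as clean.

```python
"""Ingest supplier SBOMs in two formats, map them to deployed assets, and
answer "which assets contain these components?". All documents and the
inventory are constructed sample data."""
from collections import defaultdict

# Constructed SPDX 2.3 document from supplier A for product edge-router 4.2.0.
SPDX_DOC = {
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "edge-router-4.2.0",
    "documentDescribes": ["SPDXRef-Product"],
    "packages": [
        {"SPDXID": "SPDXRef-Product", "name": "edge-router", "versionInfo": "4.2.0"},
        {"SPDXID": "SPDXRef-busybox", "name": "busybox", "versionInfo": "1.35.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:generic/busybox@1.35.0"}]},
        {"SPDXID": "SPDXRef-openssl", "name": "openssl", "versionInfo": "1.1.1k",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:generic/openssl@1.1.1k"}]},
    ],
}

# Constructed CycloneDX 1.5 document from supplier B for pump-controller-fw 2.4.1.
CDX_DOC = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"component": {"name": "pump-controller-fw", "version": "2.4.1"}},
    "components": [
        {"name": "openssl", "version": "1.1.1k", "purl": "pkg:generic/openssl@1.1.1k"},
        {"name": "zlib", "version": "1.2.11", "purl": "pkg:generic/zlib@1.2.11"},
    ],
}

# Constructed asset inventory: what is actually deployed, and where.
INVENTORY = [
    {"asset": "rtr-plant1-01", "product": "edge-router", "version": "4.2.0"},
    {"asset": "rtr-plant1-02", "product": "edge-router", "version": "4.1.0"},  # no SBOM on file
    {"asset": "pump-lineA-07", "product": "pump-controller-fw", "version": "2.4.1"},
    {"asset": "pump-lineA-08", "product": "pump-controller-fw", "version": "2.4.1"},
]


def normalise(doc):
    """Return ((product_name, product_version), set_of_component_purls) for either format."""
    if doc.get("bomFormat") == "CycloneDX":
        m = doc["metadata"]["component"]
        purls = {c["purl"] for c in doc.get("components", []) if "purl" in c}
        return (m["name"], m["version"]), purls
    if doc.get("spdxVersion", "").startswith("SPDX-"):
        pkgs = {p["SPDXID"]: p for p in doc["packages"]}
        root = pkgs[doc["documentDescribes"][0]]  # the package the document describes
        purls = set()
        for p in doc["packages"]:
            if p["SPDXID"] == root["SPDXID"]:
                continue
            for ref in p.get("externalRefs", []):
                if ref.get("referenceType") == "purl":
                    purls.add(ref["referenceLocator"])
        return (root["name"], root["versionInfo"]), purls
    raise ValueError("unrecognised SBOM format")


def build_index(docs, inventory):
    """Map purl -> sorted asset names. Assets whose exact product/version has no
    SBOM are returned separately: unknown is not the same as unaffected."""
    sbom_by_product = dict(normalise(d) for d in docs)
    purl_to_assets, unmapped = defaultdict(set), []
    for item in inventory:
        key = (item["product"], item["version"])
        if key not in sbom_by_product:
            unmapped.append(item["asset"])
            continue
        for purl in sbom_by_product[key]:
            purl_to_assets[purl].add(item["asset"])
    return {k: sorted(v) for k, v in purl_to_assets.items()}, unmapped


def assets_affected(index, purls):
    """Given the PURLs named in a new advisory, list every deployed asset containing one."""
    hit = set()
    for p in purls:
        hit.update(index.get(p, []))
    return sorted(hit)


if __name__ == "__main__":
    index, unmapped = build_index([SPDX_DOC, CDX_DOC], INVENTORY)
    print("assets without SBOM:", unmapped)
    print("openssl 1.1.1k deployed on:", assets_affected(index, ["pkg:generic/openssl@1.1.1k"]))
```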

A Comprehensive Approach: Bridging the Gaps Across the SBOM Lifecycle

Each of these six pillars is essential, but what sets the best SBOM solution apart is the ability to bring them together into one cohesive platform. Keysight SBOM Manager was purpose-built to unify these capabilities and serve both sides of the SBOM equation:

SBOM Generator provides deep binary analysis and accurate component identification.

SBOM Studio enables product producers to manage, validate, monitor, and share SBOMs and vulnerabilities through the entire lifecycle.

SBOM Consumer empowers users and asset owners to ingest supplier SBOMs, assess vulnerabilities, and track ongoing risks.

This ecosystem bridges the traditional gap between producers and consumers by transforming SBOMs from static compliance artifacts into living security assets.

Conclusion: From Compliance to Confidence

The global push for software supply chain transparency is reshaping how organizations manage product security. Yet, visibility alone is not enough. The real challenge lies in trusting that visibility, trusting that your SBOM data is accurate, complete, and actionable. The best SBOM solution is not the one that generates the most data, but the one that delivers the most reliable and actionable insight. It must address every stage of the SBOM lifecycle and the needs of both producers and consumers by excelling in the following six pillars:

  • Accuracy and Coverage – delivering comprehensive visibility into open-source, closed-source, and proprietary components within complex binaries.
  • Vulnerability Correlation, Monitoring, and Context through Scalable VEX – ensuring continuous vulnerability intelligence across multiple data sources and providing contextual VEX information to assess exploitability.
  • Scalable and Controlled SBOM Sharing – enabling secure, traceable, and regulator-ready SBOM and VEX distribution with role-based access and version control.
  • Vulnerability Overload – reducing noise by filtering out irrelevant vulnerabilities and prioritizing vulnerabilities based on relevance, exploitability, and product context.
  • Quality and Usability – maintaining high data integrity, adherence to evolving SBOM standards, and inclusion of as many minimum required fields as possible to ensure reliable downstream use.
  • Enabling Consumers to Integrate SBOMs for Full Asset Visibility – allowing SBOM consumers to ingest, normalize, and map SBOMs to deployed assets for accurate vulnerability tracking.

With Keysight SBOM Manager, organizations can achieve this balance by bridging the gaps in SBOM accuracy, quality, and usability to move beyond compliance and build true supply chain confidence.

Posted in UncategorizedTagged

What the Best SBOM Solution Should Deliver

The Software Bill of Materials (SBOM) has become one of the most important tools in modern cybersecurity and software supply chain management. By listing the components that make up a piece of software or a device, SBOMs provide the visibility needed to assess vulnerabilities, ensure compliance, and maintain trust throughout the product lifecycle.

However, as SBOM adoption accelerates across industries, from industrial control systems to medical devices and telecommunications, many organizations are learning that not all SBOM solutions are created equal. Several widely used tools still struggle to meet the practical expectations and regulatory requirements emerging from frameworks such as the FDA guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions”, the EU Cyber Resilience Act (Regulation (EU) 2024/2847), PCI DSS v4.0, and CERT-In SBOM and extended BOM guidelines. Incomplete data, inconsistent formats, and overwhelming vulnerability lists have made it difficult for security teams to rely on SBOMs for actionable intelligence or for confident regulatory submissions.

To understand what the best SBOM solution should deliver, it’s important first to recognize that there are two distinct types of SBOM users, SBOM producers and SBOM consumers, each with unique needs and expectations.

SBOM Producers: Building Secure and Transparent Products

SBOM producers are manufacturers, software vendors, and device makers who generate SBOMs for the software and firmware they develop or integrate. Their primary objectives include:

  • Demonstrating transparency and compliance with regulations such as U.S. Executive Order 14028, the FDA guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions”, and the EU Cyber Resilience Act (Regulation (EU) 2024/2847).
  • Identifying and remediating vulnerabilities throughout the entire product lifecycle, not just during early development.
  • Continuously monitoring released products for newly disclosed vulnerabilities, in line with postmarket obligations under FDA cybersecurity postmarket guidance and the EU CRA, which requires manufacturers to report actively exploited vulnerabilities within 24 hours.
  • Prioritizing vulnerabilities, understanding available fixes, and ensuring timely remediation.
  • Providing and updating SBOMs for each new firmware or software release, sharing them with customers, partners, and regulators to maintain transparency and compliance.

For producers, the challenge lies in creating accurate, complete, and shareable SBOMs that truly represent what is shipped to customers, including third-party and open-source dependencies embedded deep within compiled binaries. Many still rely on limited, source-based tools that cannot detect components or vulnerabilities hidden in closed, proprietary, or native code, resulting in incomplete visibility and compliance gaps.

In addition, producers face increasing complexity in generating and maintaining VEX (Vulnerability Exploitability eXchange) documents, which communicate whether identified vulnerabilities actually affect a product and provide the vendor’s assessment and response regarding their exploitability. Creating accurate VEX data and keeping it synchronized with evolving SBOMs is often a manual, time-consuming process, especially when products have multiple versions or variants.

Producers must also manage secure and traceable distribution of both SBOM and VEX files to regulators, customers, and ecosystem partners making automation, consistency, and lifecycle management essential features of the best SBOM solutions.

SBOM Consumers: Understanding and Managing Software Risks

SBOM consumers are asset owners, operators, and enterprise security teams who receive SBOMs from their suppliers or extract them directly from deployed devices. Their objectives differ from those of producers but are equally critical to maintaining a secure and resilient environment.

Their priorities include:

  • Identifying vulnerabilities in products and systems deployed across their environments.
  • Monitoring those vulnerabilities continuously against new disclosures, threat intelligence sources, and curated feeds such as the CISA Known Exploited Vulnerabilities (KEV) Catalog.
  • Correlating SBOM data with internal asset management systems
  • Ensuring compliance with emerging software supply chain regulations and procurement security requirements.

For consumers, the biggest challenge remains trust. Trust that the SBOMs they receive are accurate, complete, and regularly updated. However, trust is only part of the problem. Most organizations also lack a centralized platform capable of ingesting, managing, and maintaining large volumes of SBOMs from multiple suppliers, in different formats, and across multiple product categories. Without such a system, SBOMs remain siloed and quickly lose value as software evolves. Another significant challenge lies in the lack of reliable mapping between SBOM data and the organization’s actual asset inventory. Many consumers struggle to align specific SBOMs with deployed hardware, firmware, or software versions, preventing effective vulnerability monitoring and remediation.

Bridging the Gaps: What the Best SBOM Solution Should Deliver

Despite growing demand and regulatory momentum, most SBOM tools today still fall short in six critical areas: accuracy and coverage, vulnerability management, secure sharing, CVE overload, overall quality, and consumer SBOM visibility. Let’s examine each of these challenges, and what the best SBOM solution should provide to overcome them.

1. Accuracy and Coverage

Achieving 100% SBOM accuracy across complex supply chains is a high expectation. Modern software and firmware often include hundreds of components, some compiled, some statically linked, some inherited through nested dependencies. These complexities make perfect accuracy nearly impossible, especially for closed-source or third-party code. However, the best SBOM solution should strive for significantly improved accuracy and coverage through smarter analysis and more advanced detection techniques. Many existing SBOM tools rely solely on build-time or source-level scanning, which leaves blind spots when examining the actual binaries shipped to customers. This means that what’s in the SBOM might not reflect what’s in the deployed product. The best SBOM solution should:

  • Detect components from native binary code, including closed-source and proprietary components, not just from source or open-source packages, to accurately represent the actual software delivered to customers.
  • Accurately identify component name and versions and assign the correct unique identifiers, including both Common Platform Enumeration (CPE) and Package URL (PURL), to enable precise and reliable vulnerability mapping across different ecosystems.
  • Recognize both static and dynamic dependencies, capturing linked components that are often missed by surface-level scanners.
  • Produce results that comply with and support the latest versions of SBOM standards such as SPDX and CycloneDX, which continue to evolve to meet regulatory and industry requirements.
  • Generate SBOMs that include as many of the minimum required fields specified by standards as possible, ensuring completeness and interoperability for downstream consumption, compliance reporting, and automated vulnerability analysis, even when certain metadata cannot be fully extracted from binaries.

Keysight SBOM Manager achieves this with patent-pending binary SBOM detection technology that reveals deeply embedded components and improves accuracy and coverage for native code binaries. This approach gives both producers and consumers more confidence that the SBOM truly represents the software or device in use.

2. Vulnerability Correlation, Monitoring, and Context through Scalable VEX

Generating an SBOM is only the first step. Once released, software and firmware must be continuously monitored for newly disclosed vulnerabilities. However, many current SBOM tools fail to incorporate diverse and authoritative vulnerability intelligence sources, relying solely on the NVD (National Vulnerability Database) while overlooking vendor advisories, and other vulnerability and threat intelligence sources that provide crucial context. Without this broader perspective, organizations face incomplete or outdated risk assessments.

The best SBOM solution should:

  • Continuously correlate SBOM components against multiple data sources such as the NVD, CISA Known Exploited Vulnerabilities (KEV) Catalog, OSVDB, Github security advisories, vendor advisories and other vulnerability and threat intelligence sources.
  • Automatically track and flag newly disclosed vulnerabilities that affect components listed in generated or imported SBOMs.
  • Enable scalable generation of Vulnerability Exploitability eXchange (VEX) documents, which communicate whether identified vulnerabilities actually affect a product and provide the vendor’s assessment and response regarding their exploitability.
  • Manage VEX data in alignment with SBOM updates, ensuring both remain synchronized as products evolve.

Keysight SBOM Manager integrates multi-source vulnerability correlation, combining data from NVD, CISA KEV, OSVDB, Github security advisories, vendor advisories, and other sources to ensure accurate, up-to-date vulnerability intelligence. It continuously monitors SBOM components for new CVE disclosures and enables generation of VEX documents at scale, allowing security teams to easily incorporate exploitability context. By maintaining synchronization between SBOM and VEX data across versions, Keysight enables proactive and context-rich vulnerability management throughout the product lifecycle.

3. Scalable and Controlled SBOM Sharing

Regulations such as the EU Cyber Resilience Act and the FDA cybersecurity premarket guidance require manufacturers to maintain up-to-date SBOMs and make them available to regulators upon request as part of compliance and risk management obligations. While these regulations do not mandate sharing SBOMs directly with customers or partners, market demand is rapidly shifting in that direction. Increasingly, enterprise customers, integrators, and critical infrastructure operators require suppliers to provide SBOMs as part of their procurement and vendor assurance processes, often making SBOM transparency a precondition for purchase or continued partnership. Yet in practice, many organizations still share SBOMs manually through emails or file transfers, which are neither scalable nor secure. The best SBOM solution should:

  • Support controlled SBOM distribution through secure, role-based access.
  • Allow producers to share SBOMs and VEX documents directly with customers, partners, and regulators through dedicated portals or APIs.
  • Maintain version control and traceability, ensuring recipients always access the latest, verified version.
  • Provide human-readable views of SBOMs and VEX data for transparency and ease of review which is crucial for regulatory and audit submissions.

This level of controlled, automated sharing transforms SBOMs from isolated compliance artifacts into living, shareable sources of product security truth.

Keysight SBOM Manager provides a centralized platform for secure and scalable SBOM distribution. Through role-based access control and built-in sharing workflows, producers can distribute SBOMs and VEX documents directly to customers, partners, and regulators without relying on manual file exchanges. Each shared SBOM is version-controlled and traceable, ensuring recipients always see the most recent and validated data. In addition, Keysight’s platform includes human-readable SBOM and VEX views, making it easier for non-technical stakeholders and regulators to review submissions with clarity and confidence.

4. Vulnerability Overload

A frequent frustration among SBOM users is vulnerability overload, when every potential vulnerability for every component is reported, regardless of relevance. While completeness sounds ideal in theory, in practice it overwhelms development and security teams, obscuring critical risks under a mountain of low-priority or irrelevant alerts. This issue is especially prevalent in SBOM tools that simply map every detected component to every associated CVE in the National Vulnerability Database (NVD) without any context. The best SBOM solution should:

  • Filter irrelevant vulnerabilities intelligently based on product context.
  • Support policy-based prioritization, allowing teams to focus on vulnerabilities that truly matter.
  • Enable preparation for CVE reachability analysis, distinguishing theoretical vulnerabilities from those that are actually exploitable.

While a few tools claim to perform vulnerability reachability analysis, their results are often inconclusive, the absence of a vulnerability marked as “reachable” does not necessarily mean it cannot be exploited. It simply indicates that the tools found no evidence suggesting reachability or exploitability. Fully automated exploitability detection remains beyond current technological capabilities.

Keysight SBOM Manager takes a more pragmatic approach by automatically filtering out many irrelevant vulnerabilities that are certainly not applicable and prioritizing the rest according to defined policies. This enables security teams to spend less time sorting through data and more time addressing real security risks.

5. Quality and Usability

Even a technically complete SBOM can be unusable if it contains inconsistent data, missing fields, or invalid relationships between components. Low-quality SBOMs cause import errors, break automated workflows, and lead to mistrust between suppliers and consumers, undermining the very purpose of software transparency. Quality in SBOMs is not just a best practice; it is increasingly a regulatory expectation. Frameworks and standards such as NTIA’s “Minimum Elements for a Software Bill of Materials (SBOM)” (2021), CISA’s “Minimum Elements for a Software Bill of Materials (SBOM) – 2025 Update”, the EU Cyber Resilience Act (Regulation (EU) 2024/2847), and regional initiatives like BSI Technical Guideline TR-03183-2: Software Bill of Materials (SBOM), and CERT-In’s Guidelines on SBOM, CBOM, QBOM, AIBOM, and HBOM (July 2025) define or reference minimum required fields that an SBOM must include to ensure interoperability and compliance. These fields typically cover critical attributes such as component name, version, supplier, unique identifier (CPE or PURL), dependency relationships, and other metadata. As these frameworks evolve, maintaining alignment with their requirements becomes essential for both product producers and consumers operating in regulated markets. The best SBOM solution should:

  • Detect and where possible correct data quality issues automatically, ensuring that generated SBOMs conform to required structural and semantic standards.
  • Validate unique identifiers, dependencies, and hierarchical relationships, maintaining consistency across components and subcomponents.
  • Fill in missing metadata where possible to approach the minimum required fields defined by regulatory and industry standards.
  • Support evolving formats including SPDX and CycloneDX, automatically adjusting to the latest schema versions and field requirements.
  • Generate high-quality, standards-compliant SBOMs that can be directly consumed by other tools without manual rework.

Keysight SBOM Manager incorporates advanced validation, correction, and normalization capabilities that ensure SBOMs meet the minimum required field expectations defined by CISA, BSI TR-03183, and CERT-In whenever possible. It automatically detects incomplete or inaccurate metadata, resolves naming or identifier inconsistencies, and enriches missing elements where derivable from binary or auxiliary data sources. By producing high-quality, standards-compliant, and regulator-ready SBOMs, Keysight SBOM Manager ensures that producers can confidently demonstrate compliance while consumers can integrate and analyze SBOMs reliably across their environments. For producers, this means consistent, submission-ready outputs across product lines. For consumers, it provides dependable, structured data they can act on confidently for vulnerability monitoring, procurement assurance, and compliance reporting.
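As an added example (not part of the Keysight article or product), a minimal consumer-side validator that applies the checks listed above to a CycloneDX JSON document: required fields, identifier syntax, unique bom-refs, and dependency edges that resolve to declared components. The sample SBOM and the exact required-field set are my own construction.

```python
"""Minimum-element check for a CycloneDX JSON SBOM (added example, not Keysight
code). Required fields follow the attributes listed above: name, version,
supplier, unique identifier (purl or CPE) and dependency relationships."""
import json
import re

REQUIRED_COMPONENT_FIELDS = ("name", "version", "supplier")
PURL_RE = re.compile(r"^pkg:[a-z0-9.+-]+/\S+")  # package-url: pkg:type/name...
CPE_RE = re.compile(r"^cpe:2\.3:[aho]:")        # CPE 2.3 formatted string only

def validate_sbom(sbom: dict) -> list:
    """Return human-readable findings; an empty list means the SBOM passes."""
    findings = []
    refs = set()
    for idx, comp in enumerate(sbom.get("components", [])):
        label = comp.get("name") or f"component[{idx}]"
        for field in REQUIRED_COMPONENT_FIELDS:
            if not comp.get(field):
                findings.append(f"{label}: missing '{field}'")
        purl, cpe = comp.get("purl"), comp.get("cpe")
        if not (purl or cpe):
            findings.append(f"{label}: no unique identifier (purl or cpe)")
        if purl and not PURL_RE.match(purl):
            findings.append(f"{label}: malformed purl '{purl}'")
        if cpe and not CPE_RE.match(cpe):
            findings.append(f"{label}: malformed cpe '{cpe}'")
        ref = comp.get("bom-ref")
        if not ref:
            findings.append(f"{label}: missing 'bom-ref'")
        elif ref in refs:
            findings.append(f"{label}: duplicate bom-ref '{ref}'")
        else:
            refs.add(ref)
    # Dependency edges may only reference declared bom-refs (root component included).
    root = sbom.get("metadata", {}).get("component", {}).get("bom-ref")
    if root:
        refs.add(root)
    deps = sbom.get("dependencies", [])
    if not deps:
        findings.append("dependencies: no relationships declared")
    for dep in deps:
        src = dep.get("ref")
        if src not in refs:
            findings.append(f"dependencies: unknown ref '{src}'")
        for target in dep.get("dependsOn", []):
            if target not in refs:
                findings.append(f"dependencies: '{src}' depends on undeclared '{target}'")
    return findings

# Constructed sample: one clean component, one with gaps, one carrying a
# CPE 2.2 URI where a 2.3 formatted string is expected, and a dangling edge.
SAMPLE_SBOM = json.loads("""{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "metadata": {"component": {"bom-ref": "app", "name": "router-fw", "version": "3.2.1"}},
 "components": [
  {"bom-ref": "c1", "name": "openssl", "version": "3.0.13", "supplier": {"name": "OpenSSL"},
   "purl": "pkg:generic/openssl@3.0.13"},
  {"bom-ref": "c2", "name": "zlib", "supplier": {"name": "zlib"}},
  {"bom-ref": "c3", "name": "busybox", "version": "1.36.1", "supplier": {"name": "BusyBox"},
   "cpe": "cpe:/a:busybox:busybox:1.36.1"}],
 "dependencies": [{"ref": "app", "dependsOn": ["c1", "c2", "c3", "c9"]}]}""")

FINDINGS = validate_sbom(SAMPLE_SBOM)  # four findings on the constructed sample
```

A real pipeline would reject or quarantine the SBOM on findings rather than silently importing it, since a dangling dependency edge or a missing version makes later vulnerability matching unreliable.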

6. Enabling Consumers to Integrate SBOMs for Full Asset Visibility

True lifecycle management extends beyond the producer’s side. SBOM consumers must be able to ingest, normalize, and map SBOMs (whether provided by suppliers or generated internally from binaries) to their actual deployed assets. Without this linkage, even the most accurate SBOMs fail to provide actionable visibility into operational risk. The best SBOM solution should:

  • Enable centralized ingestion and normalization of SBOMs from multiple sources and formats.
  • Automatically map SBOM components to deployed assets, devices, and firmware versions in the organization’s environment.
  • Support continuous vulnerability monitoring tied to real asset inventories, not just theoretical component lists.
  • Provide dashboards and APIs that connect SBOM intelligence to asset management systems.

Keysight SBOM Manager provides a unified consumer view, enabling organizations to ingest SBOMs from both suppliers and internal analyses. It automatically correlates SBOM data with deployed assets and device inventories to pinpoint where vulnerabilities actually reside. The platform continuously monitors SBOM components against live vulnerability feeds and integrates seamlessly with existing asset management systems. It also supports advanced, comprehensive search capabilities: for example, when a new CVE is disclosed, users can identify all affected assets with a single click and visualize the full impact across organizations and devices through an impact graph.
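The "new CVE disclosed, which assets are hit" lookup described in this section, combined with the VEX-based noise filtering from the Vulnerability Overload section, as an added example that is not Keysight code: the SBOM index, asset inventory, advisory (with a placeholder CVE id) and VEX statements are all constructed, and the state/justification strings use the CycloneDX VEX vocabulary.

```python
"""Impact lookup for a newly disclosed CVE across deployed assets (added example,
not Keysight code). All inputs are constructed; the CVE id is a placeholder."""
from collections import defaultdict

# Constructed: purl sets extracted from ingested SBOMs, keyed by firmware image.
SBOM_INDEX = {
    "router-fw@3.2.1": {"pkg:generic/openssl@3.0.13", "pkg:generic/zlib@1.2.11"},
    "router-fw@3.3.0": {"pkg:generic/openssl@3.0.15", "pkg:generic/zlib@1.3.1"},
    "camera-fw@1.0.4": {"pkg:generic/zlib@1.2.11"},
}
# Constructed: asset inventory (what is actually deployed, and where).
ASSETS = [
    {"id": "rtr-001", "site": "plant-A", "firmware": "router-fw@3.2.1"},
    {"id": "rtr-002", "site": "plant-B", "firmware": "router-fw@3.3.0"},
    {"id": "cam-017", "site": "plant-A", "firmware": "camera-fw@1.0.4"},
    {"id": "cam-018", "site": "plant-A", "firmware": "camera-fw@1.0.4"},
]
# Constructed: vulnerability feed entry naming the affected purls (placeholder id).
ADVISORY = {"id": "CVE-0000-00001", "affects": {"pkg:generic/zlib@1.2.11"}}
# Constructed: supplier VEX keyed by (CVE, firmware); CycloneDX analysis vocabulary.
VEX = {
    ("CVE-0000-00001", "camera-fw@1.0.4"):
        {"state": "not_affected", "justification": "code_not_reachable"},
}

def affected_assets(advisory, sbom_index, assets, vex):
    """Return (actionable, suppressed): assets whose firmware SBOM contains an
    affected component, split by whether a VEX statement marks them not_affected."""
    actionable, suppressed = {}, {}
    for asset in assets:
        fw = asset["firmware"]
        matched = sorted(advisory["affects"] & sbom_index.get(fw, set()))
        if not matched:
            continue  # no affected component in this firmware's SBOM
        stmt = vex.get((advisory["id"], fw), {"state": "unknown"})
        info = {"site": asset["site"], "firmware": fw, "components": matched, **stmt}
        # A not_affected claim is filtered from the work list but kept for audit,
        # so the supplier's justification can still be reviewed.
        if stmt["state"] == "not_affected":
            suppressed[asset["id"]] = info
        else:
            actionable[asset["id"]] = info
    return actionable, suppressed

def impact_summary(hits):
    """Group asset ids by site: the flat form of an impact graph."""
    by_site = defaultdict(list)
    for asset_id, info in hits.items():
        by_site[info["site"]].append(asset_id)
    return {site: sorted(ids) for site, ids in by_site.items()}

ACTIONABLE, SUPPRESSED = affected_assets(ADVISORY, SBOM_INDEX, ASSETS, VEX)
```

On the constructed data only rtr-001 remains actionable; the two cameras carry the same vulnerable zlib but are held back by the supplier's not_affected statement, which a consumer should treat as a claim to review rather than a verified fact.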

A Comprehensive Approach: Bridging the Gaps Across the SBOM Lifecycle

Each of these six pillars is essential, but what sets the best SBOM solution apart is the ability to bring them together into one cohesive platform. Keysight SBOM Manager was purpose-built to unify these capabilities and serve both sides of the SBOM equation:

SBOM Generator provides deep binary analysis and accurate component identification.

SBOM Studio enables product producers to manage, validate, monitor, and share SBOMs and vulnerabilities through the entire lifecycle.

SBOM Consumer empowers users and asset owners to ingest supplier SBOMs, assess vulnerabilities, and track ongoing risks.

This ecosystem bridges the traditional gap between producers and consumers by transforming SBOMs from static compliance artifacts into living security assets.

Conclusion: From Compliance to Confidence

The global push for software supply chain transparency is reshaping how organizations manage product security. Yet, visibility alone is not enough. The real challenge lies in trusting that visibility, trusting that your SBOM data is accurate, complete, and actionable. The best SBOM solution is not the one that generates the most data, but the one that delivers the most reliable and actionable insight. It must address every stage of the SBOM lifecycle and the needs of both producers and consumers by excelling in the following six pillars:

  • Accuracy and Coverage – delivering comprehensive visibility into open-source, closed-source, and proprietary components within complex binaries.
  • Vulnerability Correlation, Monitoring, and Context through Scalable VEX – ensuring continuous vulnerability intelligence across multiple data sources and providing contextual VEX information to assess exploitability.
  • Scalable and Controlled SBOM Sharing – enabling secure, traceable, and regulator-ready SBOM and VEX distribution with role-based access and version control.
  • Vulnerability Overload – reducing noise by filtering out irrelevant vulnerabilities and prioritizing vulnerabilities based on relevance, exploitability, and product context.
  • Quality and Usability – maintaining high data integrity, adherence to evolving SBOM standards, and inclusion of as many minimum required fields as possible to ensure reliable downstream use.
  • Enabling Consumers to Integrate SBOMs for Full Asset Visibility – allowing SBOM consumers to ingest, normalize, and map SBOMs to deployed assets for accurate vulnerability tracking.

With Keysight SBOM Manager, organizations can achieve this balance by bridging the gaps in SBOM accuracy, quality, and usability to move beyond compliance and build true supply chain confidence.


Mastercard Spotlights Indigenous Small Businesses at Toronto Maple Leafs Indigenous Celebration Game

Originally published by Mastercard

TORONTO, January 20, 2026 /3BL/ – Mastercard is shining a spotlight on Indigenous small businesses as part of the Toronto Maple Leafs Indigenous Celebration Game. In partnership with Maple Leaf Sports & Entertainment (MLSE), Mastercard will transform a dedicated space at Real Sports Apparel at Scotiabank Arena into the inaugural The Indigenous Playmaker Marketplace presented by Mastercard. Limited-edition merchandise from Indigenous-owned small businesses will be available for purchase, starting on January 10 when the Toronto Maple Leafs take on the Vancouver Canucks, until January 21, 2026*.

Fans can support these Indigenous small businesses by purchasing the authentic and meaningful products they created exclusively for the marketplace, as all sales go directly back to their businesses.

Get to know the Indigenous Playmakers:

  1. aaniin: An Indigenous retailer, founded by Chelsee Pettit in Tkaronto in 2021 with a mission to initiate conversations on native languages by incorporating Indigenous Syllabics into aaniin designs, created a custom tote bag for fans.
  2. FOR4GED Candle Company: With a desire to share traditional knowledge and promote balance and wellness for all, founder Taylor Parker makes hand-poured candles, blended with traditional Haudenosaunee ingredients, and created a special-edition scent for this marketplace.
  3. Kokom Scrunchies: A family-run Indigenous business founded in 2019 by Mya Beaudry, an Algonquin youth from Kitigan Zibi Anishinabeg First Nation, and her mother Marcie Beaudry, the duo created a special edition scrunchie pack.
  4. MINI TIPI: Co-founded in 2016 by Trisha Pitura, a member of Nipissing First Nation, and Melanie Bernard, from Quebec City of settler descent, they aim to address the lack of authentic Indigenous designs in the textile industry and created a custom blanket for fans.

As a long-standing champion of small business, Mastercard is committed to helping small-business owners, including Indigenous entrepreneurs, grow by providing opportunities and resources that can help them scale. Through digital enablement, cybersecurity educational tools, access to funding, mentorship and community building, these resources are designed to help small businesses achieve their business goals wherever they are in their journey.

“Indigenous small businesses play a crucial role in strengthening our local economies and it’s important to create opportunities for Indigenous entrepreneurs to showcase their talent and share their culture,” said Shawna Miller, senior vice president, Marketing & Communications at Mastercard Canada. “We’re honoured to partner with MLSE and an inspiring group of Indigenous small business owners to showcase their work, grow their audience and ultimately help empower their journey toward sustained business success.”

As presenting partner of the Maple Leafs Indigenous Celebration Game, Mastercard will bring fans into the experience alongside the team to further support the Indigenous community, and more specifically, the Indigenous small business community. Fans attending the game can expect to see a ceremonial flag designed by Indigenous artist Jennifer Taback carried through the arena by fans in a shared ritual that symbolizes unity, respect and the power of community. In addition, a live Indigenous drum circle performance from Smoke Trail Singers Drum Group will take place on ice that will turn the entire arena into a living rhythm of culture and connection. Stories of Indigenous small business owners will also be featured on the in-arena videoboard to celebrate resilience and amplify Indigenous voices.

“The Maple Leafs’ annual Indigenous Celebration Night is an opportunity to amplify, honour and celebrate Indigenous cultures, and collaborating with partners who share this commitment helps elevate the experience to new heights,” said Jordan Vader, senior vice president, Global Partnerships, MLSE. “Together with Mastercard, we look forward to debuting The Indigenous Playmaker Marketplace and giving fans a new, unique avenue to support Indigenous small businesses while cheering on their favourite team.”

“Indigenous businesses are full of incredible creativity, craftsmanship, and culture,” said Chelsee Pettit, founder of aaniin. “The Indigenous Playmaker Marketplace not only helps grow my business—it’s showcasing the stories, traditions, and perspectives that make Indigenous entrepreneurship so unique. I’m proud to be part of something that uplifts the entire community and showcases the amazing talent of so many Indigenous small businesses.”

Learn more about how Mastercard supports all small businesses in Canada here.

*The Indigenous Playmaker Marketplace will be open in Real Sports Apparel on January 10, 13, 14, 15, 19, 20 and 21.

Media contact
Helena Wade, Mastercard, Canada
helena.wade@mastercard.com

About Mastercard

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a resilient economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

www.mastercard.com

Continue reading here

Follow along Mastercard’s journey to connect and power an inclusive, digital economy that benefits everyone, everywhere.
