NetRise Introduces New Features for Managing SBOMs & CISA KEV Catalog Support  

NetRise, the company providing granular visibility into the world’s XIoT security problem, today announced advanced capabilities for maintaining and working with Software Bills of Materials (SBOMs) and support for the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog for managing and understanding the risks associated with software components in the firmware of connected devices.

As the security of the software and firmware supply chain and regulation around SBOMs continue to dominate the industry landscape, the impact of consuming and generating a list of ‘ingredients’ for each device cannot be overstated. With the continuing push for new standards to require visibility in the supply chain, device consumers and asset owners need a solution to enable them to streamline SBOM management and vulnerability prioritization efforts.

NetRise recognizes the current challenges in the market, enhancing its customers’ and partners’ ability to manage vulnerabilities effectively, and offers the solution these industry personas have been seeking: the ability to ingest and enrich SBOMs from multiple sources. This key capability helps device manufacturers and owners alike better manage the underlying components and vulnerabilities of XIoT devices.

With the growing prominence of KEVs, NetRise’s adoption of CISA’s KEV data provides users with an efficient method for prioritizing the most exploitable vulnerabilities. Today, a typical enterprise sorts through potentially hundreds of thousands of vulnerabilities, and the ability to prioritize remediation efforts based on exploitability alters the dynamics of device security. In 2022, about 30% of KEVs affected XIoT devices or software components used by XIoT devices. So far, in 2023, that figure is approximately 20%. Considering that any CVE could be on the KEV list, these are impressive numbers. 

Key benefits of these new features in the NetRise Platform include:

  • By overlaying CISA KEV catalog data, NetRise empowers a comprehensive understanding of known exploits to identify, address, and prioritize the most critical vulnerabilities.
  • The NetRise platform supports the ingestion of two major SBOM formats (SPDX and CycloneDX), enriches them with vulnerability information, and exports in either format for external use.
  • With a dark mode feature to minimize eye strain and enhance visibility in glare-prone environments, NetRise delivers an innovative interface design for improved user experience. 

For more information about NetRise’s presence at Black Hat USA 2023, please visit https://www.netrise.io/events. To learn more about these advancements and other capabilities of the NetRise platform, visit https://www.netrise.io/platform 
