Jun 9, 2025

BlueVoyant Creates New SBOM Capabilities to Reduce Third-Party Risks from Commercial Software Jun 9, 2025 BlueVoyant , a leader in integrated cybersecurity, is launching its Software Bill of Materials (SBOM) management offering, helping organizations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors. The latest advancements enhance Supply Chain Defence, BlueVoyant’s next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats. BlueVoyant’s SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specializes in securing software supply chains for corporate and government entities. By leveraging the BlueVoyant-Manifest SBOM solution, security teams can proactively gain deep insights into software risk exposure and other dependencies that their businesses may rely on, according to the company. “By combining Manifest's depth of experience in SBOM with BlueVoyant’s holistic Supply Chain Defence, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges,” said Marc Frankel, CEO and co-founder of Manifest. The key benefits of utilizing SBOM for third-party risk are: Vendor risk management: Automatically solicit SBOMs from vendors, see intuitive risk levels for vendor products, and incorporate them into comprehensive third-party cyber risk management. Smarter vulnerability management: Prioritize vulnerabilities quickly, and triage issues to reduce false positives and avoid unnecessary mitigation work. Open Source Software (OSS) risk management: Create an enterprise-wide inventory of OSS across first and third-party products, and scan OSS repositories to assess risk before implementing them. Simplified compliance: Easily demonstrate compliance and provide evidence for international regulations and standards such as R155, Executive Order 14028, Section 524B, the European Cyber Resilience Act, and the EU’s NIS2 and DORA. “Organizations in the private and public sectors are realising that SBOM visibility is a crucial part of a proactive third-party cyber risk management program,” said Joel Molinoff, global head of supply chain defense at BlueVoyant. “By enhancing BlueVoyant’s Supply Chain Defence with Manifest’s SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats.” Supply Chain Defence is part of the BlueVoyant Cyber Defence Platform, which provides holistic cyber defence by helping clients to detect, investigate, and mitigate threats from internal, external, and third-party ecosystems in one cloud-native platform, the company said. For more information about this news, visit www.bluevoyant.com .