New Trustcenter for Teams Makes Software Bill of Materials Operational

New licensing for teams, improves security by adding vulnerability information, providing exploitability scores

Codenotary, leaders in software supply chain protection, today announced the latest release of Trustcenter for Teams – adding vulnerability information to the Software Bill of Materials (SBOM) and now reporting an exploitability score to improve software security.

Codenotary also introduced Trustcenter for Teams packaging option targeted at small groups of users starting at $49 per month.

Trustcenter now adds support for the VEX (Vulnerability Exploitability eXchange) format which is used to enhance information contained in the SBOM by communicating the current status of vulnerabilities discovered in software components, such as:

• Current status on mitigation for the vulnerability;
• Recommended workaround;
• Availability of a patch or new version.

“This takes the SBOM beyond simply being a list of ingredients,” said Dennis Zimmer, co-founder and chief technology officer, Codenotary. “Now, there is actionable information attached, which makes the SBOM operational and not just a static list.”

Further, Trustcenter provides exploitability scores based on the EPSS (Exploit Prediction Scoring System) model providing guidance based on a standard that assesses the probability that a software vulnerability could be exploited. There are EPSS scores for all published common vulnerabilities and exposures (CVE).

“Exploitability scores are very useful for determining and assessing overall threats,” said Zimmer. “When combined with VEX information, it really provides a clear picture of vulnerabilities – their status and severity. We expect more and more vendors to produce VEX information for their software to share with their customers via Trustcenter.”

With the new release, Trustcenter provides full functionality to generate a SBOM, detect vulnerabilities, add VEX information, and report the exploitability score. Trustcenter enables enterprises to comply with the U.S. Executive Order on Improving the Nation’s Cybersecurity, which includes maintaining a Software Bill of Materials (SBOM), as well as the SLSA security framework to ensure trust in the software supply chain.

“Our customers face a huge challenge with regard to the software supply chain,” said Mirco Leimgruber, co-founder and chief technology officer, Essentx AG, a cloud security service provider. “For them, one essential challenge is the usage of SBOMs to get detailed insights about the software they are using and its components. To enable our customers to calculate potential risks and make decisions about how to mitigate them, SBOMs are a key factor to understand the software.”

Codenotary offers a free trial for Trustcenter at https://codenotary.com/tc-trial

About Codenotary

With hundreds of customers that includes top three banks in the U.S. and Europe, Codenotary brings easy to use trust and integrity into the software lifecycle by providing end-to-end cryptographically verifiable tracking and provenance for all artifacts, actions, and dependencies. Trustcenter can be set up in minutes and can be fully integrated with modern CI/CD platforms. It is the only immutable and client-verifiable solution available that is capable of processing millions of transactions a second. With the Codenotary tamper-proof bill of materials, users can instantly identify untrusted components in their software builds. For more information, go to https://www.codenotary.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20230411005192/en/