Keysight Launches SBOM Manager to Help Organizations Prepare for Emerging Global Cybersecurity Regulations

Rhea-AI Impact

(Neutral)

Rhea-AI Sentiment

(Neutral)

Key Terms

software bill of materials technical

A software bill of materials is a detailed inventory of all the components, libraries and open-source pieces used to build a software product—think of it like an ingredient label for software. It matters to investors because it makes security, licensing and maintenance risks visible, helping assess potential costs from vulnerabilities, legal obligations or required updates and therefore influencing a company’s risk profile and future cash needs.

sbom technical

A software bill of materials (SBOM) is a detailed inventory listing all the underlying pieces — code libraries, open-source components, and modules — that make up a software product, like an ingredient list for a recipe. Investors care because an SBOM reveals potential security vulnerabilities, licensing risks, and supply-chain exposures that can lead to costly breaches, regulatory penalties, or downtime; knowing what’s inside software helps assess operational and compliance risk.

firmware technical

Firmware is the built-in software that tells a physical device how to operate, stored in the device’s permanent memory rather than on a removable app. Think of it as the instruction manual glued into a gadget’s brain that controls basic functions and features. Investors care because firmware updates or flaws can change a product’s capabilities, security, repair costs, regulatory compliance and customer satisfaction, all of which can affect sales, margins and company value.

vulnerability exploitability exchange (vex) technical

Vulnerability Exploitability Exchange (VEX) is a standardized data file that says whether a known software flaw actually affects a particular product and whether that flaw can be used to break into a system. For investors, VEX files act like safety reports for digital tools: they help judge how exposed a company is to cyberattacks, potential downtime, regulatory fines, or costly fixes, much like an inspection certificate helps assess building safety and repair costs.

open source technical

Open source means the underlying software code is made publicly available so anyone can inspect, copy, change, or reuse it, similar to sharing a recipe so others can tweak and improve it. Investors care because open source can lower a company’s development costs, speed innovation through community contributions, and increase adoption, but it also affects how a business makes money and can introduce licensing or support risks that influence value.

supply chain risk management technical

Supply chain risk management is the process a company uses to identify, assess and reduce threats to the flow of materials, components, services and information needed to make and deliver products. For investors it matters because disruptions — from supplier failures to shipping delays or cyberattacks — can raise costs, halt revenue and damage reputation; effective management is like keeping multiple routes and spare tires to protect a business’s cash flow and reliability.

secure-by-design technical

Designing a product, system, or service so security is built in from the very start rather than tacked on later; it means planning features, default settings, and development steps that prevent misuse, limit who can do what, and make attacks harder—like building a safe into a house instead of installing a padlock afterward. Investors care because it lowers the chance of costly data breaches, regulatory fines, downtime and brand damage, reducing future remediation costs and preserving long‑term value.

executive order 14028 regulatory

An executive order directing the federal government to raise and standardize cybersecurity defenses, improve how agencies find and respond to breaches, and set stricter rules for the software and services they buy — think of it as a new nationwide building code for digital security. For investors, it matters because it changes what government contractors and technology vendors must deliver, can shift costs or create new revenue opportunities for security-focused firms, and can influence regulatory risk and disclosure expectations across affected industries.

03/18/2026 - 11:00 AM

New solution streamlines SBOM generation, vulnerability intelligence, and secure sharing to support compliance with the EU Cyber Resilience Act and global cybersecurity mandates

SANTA ROSA, Calif.--(BUSINESS WIRE)-- Keysight Technologies, Inc. (NYSE: KEYS) announced the launch of Keysight SBOM Manager, a new solution designed to help organizations meet growing global cybersecurity and software transparency requirements, led by the European Union’s Cyber Resilience Act (CRA). The solution provides a unified approach to generating, managing, and using Software Bill of Materials (SBOMs) for digital products, enabling organizations to meet regulatory obligations with greater accuracy, confidence, and consistency across the product lifecycle.

Keysight SBOM Manager enables organizations to generate, manage, and securely share Software Bills of Materials, improving software transparency and supporting compliance with global cybersecurity regulations.

Cybersecurity regulations worldwide are converging on a common expectation: manufacturers must understand, manage, and disclose the components within their digital products, including software and firmware. Regulations such as the EU CRA, U.S. Executive Order 14028, U.S. Food and Drug Administration (FDA) cybersecurity requirements for medical devices, and emerging frameworks in Asia are making SBOMs a foundational requirement for market access, regulatory approval, and customer trust worldwide.

Keysight SBOM Manager is designed to support this shift by addressing the practical challenges organizations face as SBOM requirements expand. The solution enables broader and more accurate visibility into digital products by analyzing binary software, firmware, containers, and other packaged components, including closed-source and deeply embedded dependencies. It continuously correlates SBOMs with multiple authoritative vulnerability sources, intelligently filters out vulnerabilities that are not applicable, and supports the use of Vulnerability Exploitability eXchange (VEX). This enables teams to focus on meaningful risk rather than being overwhelmed by raw vulnerability data.

In addition, Keysight SBOM Manager supports secure and scalable sharing of SBOMs and vulnerability information through controlled, role-based access and version tracking, helping organizations meet regulatory and customer transparency expectations. Built-in validation and normalization help ensure SBOMs align with evolving standards and regulatory minimum requirements, while support for SBOM consumers enables organizations to ingest, manage, and map SBOMs to deployed digital assets, connecting transparency directly to real operational environments.

Naoki Shimazaki, Fourth Design Department, Director, Software-Defined Solutions Division, Connective Engineering Division, Hitachi Industry & Control Solutions, Ltd., said: “The use of SBOMs is becoming an essential element in monitoring system security risks, including software composition management and supply chain risk management. We believe that solutions such as these, which enable visibility into system components and support vulnerability impact analysis, have significant potential to strengthen organizations’ cybersecurity efforts.”

Dmitry Raidman, Co-founder and Chief Technology Officer, CyBeats, said: “While companies innovate at the speed of AI, they must also put tighter governance and stronger controls in place, especially as modern products increasingly rely on open source, third-party components, and AI-assisted development. Supply chain transparency and accountability are now paramount. To meet growing global regulations, organizations need the ability to continuously generate trustworthy SBOMs, correlate them with actionable vulnerability intelligence, apply VEX to reduce noise, and automate response workflows at scale. As transparency expectations expand across software, AI, cryptography, and hardware, visibility into the full digital product stack is becoming essential for secure-by-design development, regulatory readiness, and customer trust.”

Ram Periakaruppan, Vice President and General Manager, Network Test & Security Solutions at Keysight, said: “As cybersecurity regulations mature, SBOMs are becoming a prerequisite for doing business globally. Keysight SBOM Manager helps organizations meet these requirements with confidence by bringing accuracy, consistency, and scalability to SBOM generation and management.”

The EU CRA, which comes into force in 2026, requires manufacturers of connected digital products to implement cybersecurity risk management, maintain SBOMs, and report actively exploited vulnerabilities within 24 hours. Similar expectations are already in place through U.S. Executive Order 14028 and FDA cybersecurity guidance, while regulators in India, Japan, and South Korea are formalizing SBOM requirements across regulated sectors. Failure to comply can result in penalties, delayed approvals, recalls, or restricted market access.

By bringing together accurate SBOM generation for digital products, continuous vulnerability intelligence, secure sharing, data quality assurance, prioritization, and consumer-side visibility in a single platform, Keysight SBOM Manager helps organizations reduce regulatory risk, improve vulnerability response, and build greater trust across global digital supply chains.

Resources

Product Page: Keysight SBOM Manager

About Keysight Technologies

At Keysight (NYSE: KEYS), we inspire and empower innovators to bring world-changing technologies to life. As an S&P 500 company, we’re delivering market-leading design, emulation, and test solutions to help engineers develop and deploy faster, with less risk, throughout the entire product life cycle. We’re a global innovation partner enabling customers in communications, industrial automation, aerospace and defense, automotive, semiconductor, and general electronics markets to accelerate innovation to connect and secure the world. Learn more at Keysight Newsroom and www.keysight.com.