Manifest Launches New SBOM Generator for Enhanced Software Supply Chain Security

Manifest Unveils New SBOM Generator



In a significant step towards enhancing software supply chain security, Manifest, a leader in AI and software security, has introduced a new Software Bill of Materials (SBOM) generator for the unmanaged C and C++ programming languages. This breakthrough tool aims to eliminate longstanding blind spots that have challenged software teams developing critical systems, including those in the automotive, medical, and defense arenas.

Addressing Critical Blind Spots


C/C++ programming is foundational for some of the most essential technologies in modern society. However, teams working with these languages often face hurdles in attaining clear visibility into the software components they ship. Traditional toolchains and disparate ecosystems have contributed to a lack of reliable inventory of the software used in these systems.

Manifest’s new SBOM generator is designed to tackle these challenges head-on. It allows organizations to generate, inventory, and scrutinize accurate SBOMs, thereby enhancing visibility and compliance across critical infrastructure. By automating this process, security teams can efficiently identify vulnerabilities and prioritize their responses.

Key Features of Manifest's SBOM Generator


The Manifest C/C++ SBOM Generator introduces several impressive features:

1. Enhanced Visibility for Critical Systems


This tool provides extensive coverage for low-level C/C++ components and operating system elements embedded in devices. Traditionally, these areas have seen insufficient oversight, making them vulnerable to security threats.

2. Accelerated Risk Response


With enriched SBOMs that highlight the exact locations of potentially compromised components, teams can significantly reduce the time needed to assess and mitigate vulnerabilities. This responsiveness is crucial in environments where any delay can result in dire consequences.

3. Regulatory Compliance


In highly regulated sectors such as healthcare and automotive, adherence to strict transparency and risk management protocols is essential. The Manifest SBOM generator assists organizations in producing accurate, comprehensive SBOMs that align with regulatory requirements, including thorough documentation for pre-market submissions of medical devices.

Moving Beyond Traditional Challenges


In addition to the SBOM generator, Manifest is launching a suite of enhancements aimed at providing greater insight into software components. These improvements focus on:
  • Automated Vulnerability Mapping: This feature addresses vulnerabilities across Nix packages and measures end-of-life statuses, ensuring comprehensive coverage.
  • Third-Party Risk Mitigation: Through binary analysis, the tool delivers visibility into vendor components even when SBOMs are not available. Actionable insights help prioritize vendors based on their risk profiles.
  • AI Governance: With ongoing assessments of both open-source and custom AI models, customers maintain an up-to-date perspective on model risks across their organizations.

A Vision for the Future


As discussed by Daniel Bardenstein, CEO of Manifest, C/C++ programming continues to play a vital role in the architecture of critical infrastructure despite the push for memory-safe languages. The introduction of this SBOM generator not only bridges a notable gap in software supply chain security but also reaffirms Manifest's commitment to enhancing risk management in the regulatory landscape.

Manifest has reinforced its focus on ensuring that security remains robust across the board, particularly as the demand for AI governance continues to grow. Following the successful launch of Manifest AI Risk in 2025, the company is positioned to aid organizations in managing risks associated with AI alongside traditional software development, thereby fostering a secure and efficient environment for ongoing technological innovation.

With its advanced tools and comprehensive approach, Manifest is set to empower organizations across various industries, ensuring both security and compliance while enabling agile development practices. To learn more, visit Manifest's official website.
