Black Kite released its new Product Analysis module, which allows security teams to evaluate the risks of third-party software products at a granular level. As the first TPRM platform to offer this capability, Black Kite provides a more detailed view of exposure and supports better decision-making around specific products and vendor outreach. The new module delivers intelligence on software supply chain risk through deep downloadable software analysis (CPE), SaaS subdomain analysis, and SBOM analysis.
“Organizations depend on a wide range of software products that can introduce hidden risks into their environments,” said Candan Bolukbas, CTO of Black Kite. “Vendor assessments provide critical visibility, but a strong overall vendor posture doesn’t necessarily guarantee the security of every product they offer, and vice versa. Black Kite’s new Product Analysis module closes that gap by giving teams precise, actionable insight into where vulnerabilities exist, from SaaS to software supply chain dependencies, so they can take targeted action before risk becomes exposure.”
With Black Kite’s Product Analysis, teams can go one step beyond vendor analysis by assessing individual products to gain deeper insight into supply chain risks associated with third-party software, improving both the speed and accuracy of product evaluations.
The new module combines multiple intelligence sources and analysis methods to deliver clear, product-level insight into vulnerabilities, exploitability, and risk posture:
- Downloadable Software Analysis (CPE): Maps software products to their producing vendors and calculates risk levels (low, medium, high) based on CVEs, exploits, certifications, and end-of-life status.
- SaaS Subdomain Analysis: Identifies SaaS subdomains, associates them with the correct company, and evaluates vulnerabilities and potential exploits for each.
- SBOM Analysis & Mapping: Analyzes open-source components and dependencies within third-party software to uncover hidden vulnerabilities and nested dependencies.
The Product Analysis module gives TPRM teams and security leaders an understanding of product-level risk exposure. Key benefits include:
- More confident decisions during software evaluation and onboarding.
- Stronger ongoing monitoring through precise insights that drive mitigation actions such as upgrades or configuration changes.
- Compliance support for federal and regulated industries that must perform SBOM analysis and broader risk assessments in alignment with EO 14028.
Product Analysis enables TPRM teams to seamlessly evaluate the risks associated with both the software they use and the software used by their third parties, helping them prioritize mitigation actions and vendor outreach to reduce potential exposure and impact from software vulnerabilities and other risks.