SBOMs the right way

SBOM is currently the hot topic in the product security environment. Customer demands and legal requirements have already reached our economy or will hit it hard very soon. This affects not only the mainstream IoT environment but also critical environments like ICS (Industrial Control Systems) and OT (Operational Technology). Multiple commercial and open-source solutions for SBOM generation are already available, but the quality of their results is often more than questionable.

EMBArk is the established firmware analyzer, used mainly by penetration testers, security researchers and small security teams. With EMBArk we bring collaboration, central management and enterprise environments to firmware analysis and cutting-edge SBOM generation on a broad base, integrated into your security processes. EMBArk's SBOM generation is more than just reading package managers: our approach can also recover the SBOM when no package manager is in place.

Besides a basic SBOM introduction, we give an overview of the power of the firmware analyzer EMBArk as your main SBOM tooling in enterprise environments. This talk will cover the main features and use cases. Additionally, we will show multiple eye-opening benchmark results of different established tools, and we conclude the talk with a live demonstration of EMBArk.

After our EMBA talk at Troopers 22 we moved on to fulfill the current needs of managing the Cyber Resilience Act in the form of product SBOMs. This will be the first time we show these features at a security conference.

About the Speakers