Karamba VMS

Karamba Security's Vulnerability Management System (VMS) allows Product Security teams to manage their vulnerability assessment and prioritization process in a central location, creating a common language for all internal and 3rd-party stakeholders (Product Security, SOC analysts, R&D architects and developers, quality assurance teams, validation, homologation, and management).

At the base of the system is a detailed, hierarchical Software/Firmware Component inventory, allowing a Software BOM for products and product lines.

The system enables handling a range of security issues: code vulnerabilities, weaknesses, misconfiguration, and CVEs from various sources across the product lifecycle. Sources include NVD and other public CVE databases, penetration testing reports, Threat Analysis and Risk Assessment (TARA) reports, binary scanning results, bug bounty and information disclosure reports, threat intelligence sources like Open Source Intelligence (OSINT), and other feeds.

Analyze Blast Radius

Easily provide accurate impact analysis reports, mapping issues to system impact, across multiple product lines and software versions.

Exploitability and Remediation Analysis

Cluster similar issues, assess priority for specific products, reduce priority if not exploitable, or increase it if exploit is available. Assign to relevant teams for mitigation.

Generate Reports for Homologation and Compliance Reports

Report and help manage the list of documents needed for R155 Type Approval, based on ISO 21434 and other standards.