Black Kite, a vendor of third-party cyber risk management, announced the release of its new Product Analysis module, which allows security teams to evaluate the risks of third-party software products at a granular level. As the first TPRM platform to offer this capability, Black Kite delivers a more detailed view of exposure and supports better decision-making around specific products and vendor outreach. The new module delivers intelligence on software supply chain risk through deep downloadable software analysis (CPE), SaaS subdomain analysis, and SBOM analysis.
“Organizations depend on a wide range of software products that can introduce hidden risks into their environments,” said Candan Bolukbas, CTO and founder of Black Kite. “Vendor assessments provide critical visibility, but a strong overall vendor posture doesn’t necessarily guarantee the security of every product they offer, and vice versa. Black Kite’s new Product Analysis module closes that gap by giving teams precise, actionable insight into where vulnerabilities exist, from SaaS to software supply chain dependencies, so they can take targeted action before risk becomes exposure.”
With Black Kite’s Product Analysis, teams can go one step beyond vendor analysis by assessing individual products to gain deeper insight into supply chain risks associated with third-party software, improving both the speed and accuracy of product evaluations.
The new module brings together several intelligence sources and analysis methods to offer clear, product-level visibility into vulnerabilities, exploitability, and overall risk posture. Its software analysis capability maps products to their vendors and assigns a risk level of low, medium, or high based on CVEs, known exploits, certifications, and end-of-life status. It also identifies SaaS subdomains, links them to the correct organization, and evaluates each one for vulnerabilities and potential exploitation paths. In addition, it reviews software bills of materials to analyze open-source components and dependencies inside third-party products, revealing hidden weaknesses and layered dependencies that could otherwise go unnoticed.
The Product Analysis module gives TPRM teams and security leaders a clear and accurate view of product-level risk exposure. It supports more confident decision-making during software evaluation and onboarding by offering a stronger understanding of where vulnerabilities may sit. It also improves ongoing monitoring by delivering precise insight that can guide mitigation steps such as version upgrades or configuration adjustments. The module further helps organizations in federal and regulated sectors meet compliance requirements that call for SBOM analysis and wider risk assessments aligned with Executive Order 14028.
Product Analysis enables TPRM teams to seamlessly evaluate the risks associated with both the software they use and the software used by their third parties, helping them prioritize mitigation actions and vendor outreach to reduce potential exposure and impact from software vulnerabilities and other risks.
