The sematicon Security Research Team (SRT) is launched

In the past, security information was distributed by e-mail, with the result that it was often not read. The distribution of SBOMs (Software Bill of Materials) was also not very promising, because the existence of security vulnerabilities and CVEs in a component does not mean that the product containing it is also affected. Security concerns often had to be clarified manually, which is time-consuming and causes internal effort and therefore costs.

The website of the new SRT at https://security.sematicon.com/

For this reason, we have decided to transfer security management to a separate team: the sematicon Security Response Team, SRT for short.

Our SRT, which reports directly to the Management Board, has done a great job and eliminated the manual processes. With the introduction of OASIS-CSAF (OASIS Common Security Advisory Framework) at sematicon, you can now query and process all security reports automatically.

As a "CSAF Trusted Provider", sematicon AG is also setting new standards in the automatic analysis of SBOMs. With the switch to CycloneDX and the introduction of CSAF VeX (Vulnerability Exploitability eXchange), customers can automatically assess the risk of operating se.MIS. SBOMs can be compared with the digital VeX reports. This gives you immediate information on whether a security vulnerability in a component also has an impact on our products. Recommendations from our security experts are also available promptly. This makes us a leader in the industry!

We test our solutions internally several times a day, and we ensure our product safety transparently for our customers through external safety tests. In this way, we are making a further contribution to supporting SOCs and security managers, and we welcome any kind of cooperation aimed at a secure industry.

The reporting of security vulnerabilities has also been standardized.

More information about CSAF is available on the website of the "Federal Office for Information Security".

Information on the SRT can be found here:

Michael Walser

Munich
Michael Walser is CTO at sematicon. He is an expert in OT security. After graduating in electrical engineering, he worked for many years as a consultant on IT security projects worldwide.