# Third Party Risk Manager: Risk Assessment

Analyze and score vendor risk based on SBOM analysis.
Automatically assess vendor risk based on SBOM analysis, vulnerability data, and compliance status.
## Risk Score

Each vendor receives a risk score from 0 to 100, where a higher score means lower risk:

| Score | Risk Level | Description |
|---|---|---|
| 0-25 | Critical | Immediate action required |
| 26-50 | High | Significant concerns |
| 51-75 | Medium | Moderate risk |
| 76-100 | Low | Acceptable risk |
## Risk Factors

### Vulnerability Risk

Based on SBOM analysis:

- Critical vulnerability count
- High vulnerability count
- EPSS scores (exploit probability)
- Known exploited vulnerabilities
### Compliance Risk

Based on SBOM quality:

- EO 14028 compliance percentage
- Missing required fields
- Outdated SBOM (age)
- Format validity
### Component Risk

Based on dependency health:

- Abandoned packages
- License compliance
- Transitive dependency depth
- Known malicious packages
### Operational Risk

Based on vendor factors:

- Response time to requests
- Update frequency
- Security incident history
- Contract compliance
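The scoring model below is an added, hypothetical illustration of how the four factor groups above can be reduced to one 0-100 score and mapped onto the Risk Score bands. It is not the product's own code: the product does not publish its weights or penalty values here, so `WEIGHTS`, every penalty constant, the one-year SBOM freshness window, and the `REQUIRED_FIELDS` list (an NTIA-minimum-elements approximation standing in for "EO 14028 compliance percentage") are assumptions, and the SBOM, vulnerability, dependency and vendor records are constructed sample data with placeholder CVE ids.

```python
"""Illustrative vendor risk scoring driven by SBOM analysis.

Hypothetical model added for this page; all weights and penalties are
assumptions, and all sample records are constructed.
"""
from datetime import datetime, timezone

# Assumption: "EO 14028 compliance percentage" = share of components carrying
# these NTIA-minimum-style fields (supplier, name, version, unique identifier).
REQUIRED_FIELDS = ("name", "version", "supplier", "purl")

# Assumed factor weights; they sum to 1.0 so the result stays on the 0-100 scale.
WEIGHTS = {"vulnerability": 0.40, "compliance": 0.20, "component": 0.25, "operational": 0.15}

# --- constructed sample data (not real vendors, packages or CVEs) ---
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "metadata": {"timestamp": "2024-01-15T00:00:00Z"},
    "components": [
        {"name": "openssl", "version": "3.0.2", "supplier": {"name": "OpenSSL"}, "purl": "pkg:generic/openssl@3.0.2"},
        {"name": "log-helper", "version": "1.4.0"},  # missing supplier and identifier
        {"name": "zlib", "version": "1.2.13", "supplier": {"name": "zlib"}, "purl": "pkg:generic/zlib@1.2.13"},
        {"name": "curl", "version": "8.4.0", "supplier": {"name": "curl"}, "purl": "pkg:generic/curl@8.4.0"},
    ],
}
SAMPLE_VULNS = [  # ids are placeholders, not real CVE numbers
    {"id": "CVE-XXXX-0001", "severity": "critical", "epss": 0.50, "kev": True},
    {"id": "CVE-XXXX-0002", "severity": "high", "epss": 0.10, "kev": False},
]
SAMPLE_DEPS = [
    {"name": "openssl", "depth": 1},
    {"name": "log-helper", "depth": 7, "abandoned": True},
    {"name": "zlib", "depth": 2, "license_ok": False},
]
SAMPLE_VENDOR = {"response_days": 12, "incidents_last_year": 1,
                 "contract_compliant": True, "days_since_update": 120}
AS_OF = datetime(2025, 3, 1, tzinfo=timezone.utc)  # assessment date for SBOM age


def clamp(value):
    return max(0.0, min(100.0, float(value)))


def compliance_subscore(sbom, as_of):
    """SBOM quality: format validity, required-field coverage, and age."""
    if sbom.get("bomFormat") != "CycloneDX" or not isinstance(sbom.get("components"), list):
        return 0.0  # unrecognised or structurally invalid SBOM scores worst
    components = sbom["components"]
    complete = sum(all(c.get(f) for f in REQUIRED_FIELDS) for c in components)
    pct = 100.0 * complete / len(components) if components else 0.0
    generated = datetime.fromisoformat(sbom["metadata"]["timestamp"].replace("Z", "+00:00"))
    stale = (as_of - generated).days > 365  # assumption: one-year freshness window
    return clamp(pct - (20 if stale else 0))


def vulnerability_subscore(vulns):
    """Severity counts, KEV membership and the highest EPSS probability."""
    score = 100.0
    for v in vulns:
        score -= {"critical": 25, "high": 10}.get(v["severity"], 0)
        if v.get("kev"):
            score -= 30  # known exploited vulnerabilities weigh heaviest
    if vulns:
        score -= 40 * max(v.get("epss", 0.0) for v in vulns)
    return clamp(score)


def component_subscore(deps):
    """Dependency health: malicious, abandoned, license issues, deep transitives."""
    score = 100.0
    score -= 50 * sum(bool(d.get("malicious")) for d in deps)
    score -= 20 * sum(bool(d.get("abandoned")) for d in deps)
    score -= 10 * sum(not d.get("license_ok", True) for d in deps)
    deepest = max((d.get("depth", 0) for d in deps), default=0)
    score -= 5 * max(0, deepest - 5)  # penalise transitive depth beyond five levels
    return clamp(score)


def operational_subscore(vendor):
    """Vendor responsiveness, update cadence, incident history, contract status."""
    score = 100.0
    score -= 2 * max(0, vendor["response_days"] - 5)
    score -= 20 * vendor["incidents_last_year"]
    score -= 0 if vendor["contract_compliant"] else 15
    score -= 10 if vendor["days_since_update"] > 90 else 0
    return clamp(score)


def risk_level(score):
    """Map a 0-100 score onto the bands in the Risk Score table."""
    if score <= 25:
        return "Critical"
    if score <= 50:
        return "High"
    if score <= 75:
        return "Medium"
    return "Low"


def assess_vendor(sbom, vulns, deps, vendor, as_of):
    subscores = {
        "vulnerability": vulnerability_subscore(vulns),
        "compliance": compliance_subscore(sbom, as_of),
        "component": component_subscore(deps),
        "operational": operational_subscore(vendor),
    }
    total = round(sum(WEIGHTS[k] * subscores[k] for k in WEIGHTS), 1)
    return {"subscores": subscores, "score": total, "level": risk_level(total)}


def sample_assessment():
    return assess_vendor(SAMPLE_SBOM, SAMPLE_VULNS, SAMPLE_DEPS, SAMPLE_VENDOR, AS_OF)


if __name__ == "__main__":
    print(sample_assessment())
```

With the constructed data the vendor lands at 40.4 ("High"): a single KEV-listed critical with a 50% EPSS drives the vulnerability sub-score to 15, while a year-old SBOM with one incomplete component leaves compliance at 55. Keeping each factor as its own sub-score is what makes the risk score breakdown in the assessment report possible.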
## Assessment Report

Generate detailed risk reports:

1. Select vendor(s)
2. Click Generate Report
3. Report includes:
   - Executive summary
   - Risk score breakdown
   - Vulnerability details
   - Compliance gaps
   - Recommendations
## Comparative Analysis

Compare vendors side-by-side:

- Risk scores
- Vulnerability counts
- Compliance status
- Trend over time
## Risk Acceptance

Document accepted risks:

1. Review the risk finding
2. Click Accept Risk
3. Provide business justification
4. Set review date
5. Obtain required approvals
## Remediation Tracking

Track vendor remediation efforts:

- Requested fixes
- Vendor commitments
- Progress updates
- Verification status