CAMBRIDGE, Mass., April 25, 2025 (GLOBE NEWSWIRE) -- ReversingLabs (RL), the trusted name in file and software security, today announced the launch of leading support for eXtended Bill of Materials (xBOM) capabilities with Spectra Assure™. Available now, these new features include the Cryptographic Bill of Materials (CBOM), Software-as-a-Service Bill of Materials (SaaSBOM), and Machine Learning Bill of Materials (ML-BOM), marking an industry first for fully compiled commercial software. This innovation provides both software producers and enterprise buyers with unprecedented visibility into the components, services, and risks hidden within today’s increasingly complex software ecosystems.
First-to-Market for Most Comprehensive Support for CycloneDX
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. CycloneDX is an international standard ratified by Ecma International as ECMA-424.
“CycloneDX elevates traditional SBOMs into a truly extensible, machine‑readable framework that captures critical supply chain metadata,” said Steve Springett, Chair of OWASP CycloneDX and Ecma TC54. “ReversingLabs Spectra Assure takes full advantage of these advanced specification features to deliver deep transparency and empower organizations to drive targeted risk reduction efforts.”
With the evolution of software supply chain security, traditional ingredient-only SBOMs lack context and do little to address emerging risks. The Spectra Assure SAFE report includes the most comprehensive SBOM and risk assessment of an application to identify malware, tampering, suspicious behaviors, and more. With expanded xBOM support, Spectra Assure now offers comprehensive inventories with actionable security assessments for cryptographic assets, SaaS dependencies, and machine learning models. Producers are further empowered with the ability to edit SBOM components and declare SaaS services and ML models. The ability to go beyond the SBOM is critical as businesses increasingly face challenges such as quantum computing threats, interconnected cloud services, and AI-driven vulnerabilities.
The new xBOM capabilities include the CBOM, ML-BOM, SaaSBOM, and the ability to declare and edit xBOM data.
“ReversingLabs is proud to lead the charge in redefining software transparency with our xBOM capabilities,” said Tomislav Peričin, Chief Software Architect and co-founder at RL. “By offering an unparalleled view into cryptographic assets, SaaS dependencies, and machine learning models, we empower our customers with the visibility and context to build and buy software with confidence.”
Prepares Businesses for AI and Quantum Computing Threats
As software becomes more intelligent and interconnected, organizations must go beyond traditional SBOMs to meet escalating transparency demands. The xBOM capabilities offered by Spectra Assure enable businesses to:
- Prepare for Quantum Computing Threats: CBOM provides insight into cryptographic assets that could be exploited by quantum computing advancements.
- Understand SaaS Dependencies: SaaSBOM ensures visibility into external services that software relies on, reducing risks from third-party integrations.
- Gain AI Supply Chain Visibility: ML-BOM identifies potentially malicious open-source models before they can be integrated into your products or deployed into your organization.
Enables Regulatory Compliance
Support for these new xBOM capabilities will help both software producers and their enterprise buyers adhere to increasingly strict compliance mandates. These include:
- NIST AI Risk Management Framework (AI RMF): ML-BOM helps assess, manage, and mitigate risks throughout the AI lifecycle.
- EU AI Act: ML-BOM enables compliance with strict risk-based obligations for AI systems in high-impact sectors.
- ISO/IEC 42001: ML-BOM helps with the first international standard for AI management systems, covering governance, transparency, and operational controls.
- NIST SP 1800-38B: CBOM facilitates post-quantum readiness through cryptographic discovery.
- EU Digital Operational Resilience Act (DORA): Enables proprietary software from ICT third-party service providers to be properly analyzed prior to deployment.
- EU Cyber Resilience Act (CRA): Enables software manufacturers to generate the most comprehensive SBOM/xBOM.
Replaces the Inherent Trust Model and Manual Questionnaires
Traditionally, enterprise buyers have been relatively powerless when it comes to software supply chain security. Although they are responsible for ensuring the security of the software they bring into their organization, they have lacked any real control mechanism. Instead, they have relied on an inherent trust model that leans on security questionnaires and incomplete visibility into software components, associated services, and now AI, ML, and cryptographic components.
With Spectra Assure, they can source this information without relying on their vendor. The Spectra Assure SAFE report provides a complete xBOM along with any critical risks, without the need for source code.
Eliminates Friction of Software Supply Chain Security and Acquisition
The lack of transparency into software components and risk slows the purchase and deployment of software, impacting both software producers and buyers.
“Our xBOM support represents a new dimension of transparency for software. With xBOM, publishers can declare, and consumers can verify, software safety claims. This is a game changer for the software industry,” continued Peričin. “As a software vendor, I’m all too familiar with questionnaires and spreadsheets requested by security and procurement teams, which provide no real visibility into the real risk of an application. xBOM support expands Spectra Assure’s ability to quickly provide all the critical analysis and insights, eliminating the need for filling out questionnaires and time-consuming back and forth.”
Additional Information
For more information about the new xBOM capabilities in ReversingLabs Spectra Assure click here, schedule a demo, attend our webinar Beyond the SBOM: Welcome CycloneDX xBOM or meet with us at RSAC 2025, April 28 - May 1, 2025, San Francisco, Moscone Center, Booth N-4428.
About ReversingLabs
ReversingLabs is the trusted name in file and software security. We provide the modern cybersecurity platform to verify and deliver safe binaries. Trusted by the Fortune 500 and leading cybersecurity vendors, RL Spectra Core powers the software supply chain and file security insights, tracking over 422 billion searchable files with the ability to deconstruct full software binaries in seconds to minutes. Only ReversingLabs provides that final exam to determine whether a single file or full software binary presents a risk to your organization and your customers.
Media Contact
Doug Fraim
Guyer Group
Doug@Guyergroup.com