Black Kite Adds Product-Level Risk Analysis to TPRM Platform

Black Kite has introduced a new Product Analysis module aimed at helping security and risk teams assess software risk at the product level, not just the vendor level. The update reflects a growing need inside third-party risk management (TPRM) programs to understand risk more precisely, especially as organizations rely on complex software portfolios that extend far beyond traditional supplier boundaries.

Vendor assessments remain necessary, but they often flatten important differences between individual products. A vendor with a strong overall security posture may still offer products with specific vulnerabilities, outdated components, or risky dependencies. Product Analysis is designed to expose those gaps by letting teams evaluate individual software products directly, creating a clearer picture of where risk actually sits.

The module brings together three analysis layers. Downloadable software analysis maps products to vendors and evaluates risk based on known vulnerabilities, exploit activity, certifications, and end-of-life status. SaaS subdomain analysis links exposed services back to the correct provider and evaluates weaknesses across those environments. SBOM analysis examines open-source components and nested dependencies to surface risks that are often invisible in standard assessments.

For TPRM teams, the practical value is speed and focus. Product-level insight supports more informed onboarding decisions, finer-grained monitoring, and targeted remediation actions such as upgrades or configuration changes. It also helps organizations meet regulatory and federal requirements that increasingly expect SBOM visibility and software supply chain accountability. By extending risk analysis beyond the vendor scorecard, Black Kite is pushing TPRM programs closer to how software risk actually behaves in the real world.