VES Co., Ltd. Recruits Beta Trial Participants for 'SBOM+', a Cloud Service Supporting SBOM Generation, Vulnerability Management, and CRA Compliance
VES Co., Ltd., a subsidiary of Orchestra Holdings, will launch the beta version of 'SBOM+', a cloud service that integrates SBOM generation, vulnerability management, and EU Cyber Resilience Act (CRA) compliance, in early July 2026, and is now recruiting companies for a free trial.
📋 Article Processing Timeline
- 📰 Published: June 9, 2026 at 10:00
- 🔍 Collected: June 9, 2026 at 10:29 (29 min after Published)
- 🤖 AI Analyzed: June 9, 2026 at 18:32 (8h 3m after Collected)
VES Co., Ltd. (Headquarters: Shibuya-ku, Tokyo; Representative Director: Keiro Nakamura; hereinafter 'VES'), a subsidiary of Orchestra Holdings Inc. that supports corporate quality improvement through third-party software verification, will begin offering the beta version of 'SBOM+ (SBOM plus)' (hereinafter 'SBOM+'), a cloud service that centralizes SBOM (Software Bill Of Materials) generation, vulnerability management, and EU Cyber Resilience Act (hereinafter 'CRA') compliance status and evidence management, in early July 2026. Along with this, the company is starting to recruit companies to participate in a free trial to use this service in advance.
Development Background
In recent years, with the expansion of the use of OSS (Open Source Software) and third-party components, addressing security risks originating from the software supply chain has become increasingly important.
Furthermore, with the progress of legal regulations including the CRA, companies that provide products are required to understand software configuration information, build vulnerability management systems, respond to vulnerability reports, and manage response histories.
Against this backdrop, VES, in collaboration with Viettel Cyber Security and Art-Net Co., Ltd., is developing 'SBOM+' to support business management necessary for SBOM generation, vulnerability management, and CRA compliance.
About SBOM+
'SBOM+' is a cloud service that starts from the SBOM, which is software configuration information included in a product, and centrally manages vulnerability information collection, VDP (Vulnerability Disclosure Program) response, compliance status with vulnerability reporting obligations stipulated by the CRA, and a series of response evidence.
It helps solve issues such as the personalization of SBOM management for each product in PSIRT (Product Security Incident Response Team), product development departments, and quality assurance departments, prioritization of vulnerability responses, response to external vulnerability reports, and evidence management for regulatory compliance such as the CRA.
Features of SBOM+
1. SBOM Generation
In addition to supporting existing SBOM formats, it can generate and analyze SBOMs from various input formats such as source code, binaries, and container images. By centrally managing SBOMs for each product, it streamlines the understanding of component parts and change management.
2. Vulnerability Information Collection and Triage
For generated and registered SBOMs, it automatically correlates related vulnerability information, severity, and KEV (Known Exploited Vulnerabilities) information indicating actual exploitation status to visualize security risks for each product. This supports decision-making on response priorities and understanding the scope of impact.
Additionally, for vulnerability information reported externally, it centrally manages the process from reception, primary evaluation, impact analysis, decision on response policy, request for response to the development department, management of correction status, communication with the reporter, to information disclosure, and builds a continuous system by accumulating response histories.
3. Product Vulnerability Response Management
Product vulnerability response requires collaboration among many departments such as PSIRT, product development, and quality assurance. 'SBOM+' enables centralized management of SBOMs for each product, related vulnerabilities, and VDP and CRA compliance status on a dashboard.
4. Evidence Management
With an eye on CRA compliance, it can organize and accumulate management items necessary for vulnerability management, report response, information disclosure, and securing evidence. It also supports the management of vulnerability reporting flows stipulated by the CRA, helping ensure accountability necessary for regulatory and audit compliance.
Free Trial Recruitment Overview
The beta version free trial is scheduled to begin in early July 2026.
This trial targets companies and departments considering product security management, VDP operation, and CRA compliance, such as PSIRT, product development departments, and quality assurance departments, providing a verification environment for actual operations.
For those considering the trial, individual consultation sessions are being held for those who want to 'check if it suits their operations' or 'first see the product screen and usability'.
We welcome consultations not only from those already considering it but also from those facing challenges in SBOM operation or CRA compliance.
Application URL: https://www.ves.co.jp/sbomplus-trial-consultation/
This trial is a test provision, and we will continue to improve functions towards the official release scheduled for September 2026, reflecting the opinions and requests of actual users.
SBOM+ Introduction Webinar
Prior to the beta trial recruitment, we will hold an online webinar introducing the overview and usage of 'SBOM+'.
In the webinar, based on practical vulnerability response scenarios, we will specifically introduce the flow of a series of responses through a demo of 'SBOM+'.
[Webinar Overview]
Date and Time
・June 16 (Tuesday) 12:00-12:40
・June 18 (Thursday) 13:00-13:40
*Online / Free
*The same content is planned for both days
Application URL: https://www.ves.co.jp/sbomplus-trial-webinar/
*Regarding applications for the free trial and webinar, participation by companies in the same industry may be declined.
About VES Co., Ltd.
Company Name: VES Co., Ltd.
Representative: Representative Director Keiro Nakamura
Location: 8F, Ebisu Garden Place Tower, 4-20-3 Ebisu, Shibuya-ku, Tokyo
URL: https://www.ves.co.jp/
About Viettel Cyber Security
Company Name: Viettel Cyber Security
Representative: Chairman, CEO Nguyen Son Hai
Location: Lot D26, Cau Giay New Urban Area, Dich Vong Ward, Cau Giay District, Hanoi, Vietnam
URL: https://viettelsecurity.com/
About Art-Net Co., Ltd.
Company Name: Art-Net Co., Ltd.
Representative: Representative Director Phan Quang Truong
Location: 18F, Shinjuku Sumitomo Building, 2-6-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
URL: https://www.art-net.co.jp/
Development Background
In recent years, with the expansion of the use of OSS (Open Source Software) and third-party components, addressing security risks originating from the software supply chain has become increasingly important.
Furthermore, with the progress of legal regulations including the CRA, companies that provide products are required to understand software configuration information, build vulnerability management systems, respond to vulnerability reports, and manage response histories.
Against this backdrop, VES, in collaboration with Viettel Cyber Security and Art-Net Co., Ltd., is developing 'SBOM+' to support business management necessary for SBOM generation, vulnerability management, and CRA compliance.
About SBOM+
'SBOM+' is a cloud service that starts from the SBOM, which is software configuration information included in a product, and centrally manages vulnerability information collection, VDP (Vulnerability Disclosure Program) response, compliance status with vulnerability reporting obligations stipulated by the CRA, and a series of response evidence.
It helps solve issues such as the personalization of SBOM management for each product in PSIRT (Product Security Incident Response Team), product development departments, and quality assurance departments, prioritization of vulnerability responses, response to external vulnerability reports, and evidence management for regulatory compliance such as the CRA.
Features of SBOM+
1. SBOM Generation
In addition to supporting existing SBOM formats, it can generate and analyze SBOMs from various input formats such as source code, binaries, and container images. By centrally managing SBOMs for each product, it streamlines the understanding of component parts and change management.
2. Vulnerability Information Collection and Triage
For generated and registered SBOMs, it automatically correlates related vulnerability information, severity, and KEV (Known Exploited Vulnerabilities) information indicating actual exploitation status to visualize security risks for each product. This supports decision-making on response priorities and understanding the scope of impact.
Additionally, for vulnerability information reported externally, it centrally manages the process from reception, primary evaluation, impact analysis, decision on response policy, request for response to the development department, management of correction status, communication with the reporter, to information disclosure, and builds a continuous system by accumulating response histories.
3. Product Vulnerability Response Management
Product vulnerability response requires collaboration among many departments such as PSIRT, product development, and quality assurance. 'SBOM+' enables centralized management of SBOMs for each product, related vulnerabilities, and VDP and CRA compliance status on a dashboard.
4. Evidence Management
With an eye on CRA compliance, it can organize and accumulate management items necessary for vulnerability management, report response, information disclosure, and securing evidence. It also supports the management of vulnerability reporting flows stipulated by the CRA, helping ensure accountability necessary for regulatory and audit compliance.
Free Trial Recruitment Overview
The beta version free trial is scheduled to begin in early July 2026.
This trial targets companies and departments considering product security management, VDP operation, and CRA compliance, such as PSIRT, product development departments, and quality assurance departments, providing a verification environment for actual operations.
For those considering the trial, individual consultation sessions are being held for those who want to 'check if it suits their operations' or 'first see the product screen and usability'.
We welcome consultations not only from those already considering it but also from those facing challenges in SBOM operation or CRA compliance.
Application URL: https://www.ves.co.jp/sbomplus-trial-consultation/
This trial is a test provision, and we will continue to improve functions towards the official release scheduled for September 2026, reflecting the opinions and requests of actual users.
SBOM+ Introduction Webinar
Prior to the beta trial recruitment, we will hold an online webinar introducing the overview and usage of 'SBOM+'.
In the webinar, based on practical vulnerability response scenarios, we will specifically introduce the flow of a series of responses through a demo of 'SBOM+'.
[Webinar Overview]
Date and Time
・June 16 (Tuesday) 12:00-12:40
・June 18 (Thursday) 13:00-13:40
*Online / Free
*The same content is planned for both days
Application URL: https://www.ves.co.jp/sbomplus-trial-webinar/
*Regarding applications for the free trial and webinar, participation by companies in the same industry may be declined.
About VES Co., Ltd.
Company Name: VES Co., Ltd.
Representative: Representative Director Keiro Nakamura
Location: 8F, Ebisu Garden Place Tower, 4-20-3 Ebisu, Shibuya-ku, Tokyo
URL: https://www.ves.co.jp/
About Viettel Cyber Security
Company Name: Viettel Cyber Security
Representative: Chairman, CEO Nguyen Son Hai
Location: Lot D26, Cau Giay New Urban Area, Dich Vong Ward, Cau Giay District, Hanoi, Vietnam
URL: https://viettelsecurity.com/
About Art-Net Co., Ltd.
Company Name: Art-Net Co., Ltd.
Representative: Representative Director Phan Quang Truong
Location: 18F, Shinjuku Sumitomo Building, 2-6-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
URL: https://www.art-net.co.jp/
FAQ
When does the SBOM+ beta trial start?
It is scheduled to begin in early July 2026.
When is the official release of SBOM+?
It is planned for September 2026.
What are the main features of SBOM+?
SBOM generation, vulnerability information collection/triage, vulnerability response management, and evidence management.