AMI, a global leader in firmware and platform security solutions, is proud to announce the release of its new integrated Software Bill of Materials (SBOM) and Vulnerability Management Service (VMS) under its AMI Meridian™ Security Services for its flagship Aptio® UEFI boot firmware and MegaRAC® BMC firmware solutions. This latest release marks a major milestone in our ongoing commitment to advancing firmware transparency, security, and regulatory compliance across the global technology ecosystem.
Why It Matters
As cybersecurity regulations evolve, organizations are under increasing pressure to demonstrate software supply chain transparency. AMI Meridian Security Services empower customers to proactively manage firmware vulnerabilities, streamline patching workflows, and meet compliance mandates from bodies such as CISA and NTIA as well as recent U.S. Executive Orders and the Cyber Resilience Act (CRA).
“Security is a continuous journey. Our partners need to be enabled to confidently answer ‘What’s in my firmware?’ and ‘Does this vulnerability affect my systems?’. And we believe we’re leading the industry by working with them to develop these solutions for improving the security posture of the entire industry and our end customers.” – Brian Mullen, PSIRT and SSDLC Director of Engineering, AMI
Key Security Service Features:
- SBOM Service: Generate detailed SBOMs in SPDX 2.3 and CycloneDX 1.5 formats with internal vulnerability database integration for on-demand security analysis and update tracking. Reports include open-source, third-party, and AMI components, with NDA-specific options for partner ingredients.
- Vulnerability Management Service: Track CVEs, Security Advisories, and patch status across firmware projects. Exportable dashboards and reports enable real-time vulnerability analysis and mitigation planning through SaaS-powered Web and API tools.
- AMI Meridian Integration: Both services are accessible via AMI’s secure Meridian platform, offering intuitive UI, search and upload capabilities, role-based access control, and user management.
“Firmware is foundational to every computing platform. With the launch of our SBOM and VMS services, AMI empowers customers to take charge of their firmware security posture and meet the demands of modern compliance frameworks.” – Sudan Ayanam, VP of Technology and Architecture, AMI
Availability
From today, our SBOM and VMS are generally available across all regions for Aptio V, MegaRAC SP-X, and MegaRAC OneTree projects. Customers can begin onboarding immediately. Learn more about our platform security solutions on the Server Platform Security section of our website and contact us to schedule a demo or request access.