Black Kite, vendor of third-party cyber risk intelligence, introduced Vulnerability Intelligence Briefs (VIB). The solution goes beyond cataloging Common Vulnerabilities and Exposures (CVEs) by providing visibility into third-party risks, enabling security professionals to discover a vulnerability’s severity, exploitability, and exposure.
An organization’s third-party vulnerabilities are its greatest risk exposure, exacerbating challenges faced by security teams that frequently rely on traditional vulnerability management solutions focused on internal systems. As a result, they are operating with a critical blind spot in the security posture of vendors and partners. This gap creates a significant risk, as a single unpatched vulnerability in a third-party system can trigger a cascading impact across an entire organization.
“As more organizations turn to third-party vendors, open-source components, and cloud services, in today’s environment, they cannot afford to rely on a traditional vulnerability management mindset,” said Chuck Schauber, chief product officer at Black Kite. “Third-party risks are increasing, with vulnerabilities fast becoming a third-party risk management issue. With the release of Black Kite VIB, we are providing a solution that has the actionable intelligence and tools needed so that organizations can move from reactive patching to a strategic ecosystem defense. Without doubt, this launch represents a new era where managing vulnerability risks in third-parties is not only possible but now is a critical part of third-party cyber risk management.”
According to Black Kite’s recently released 2025 Supply Chain Vulnerability Report: Navigating a New Era of Managing Vulnerability Risk in Third Parties, 2024 marked a sharp increase in published vulnerabilities, with over 40,000 CVEs disclosed, representing a 38 percent year-over-year increase.
Many of these exploited vulnerabilities were found in widely used third-party software rather than internally developed applications, with high-profile vulnerabilities in MOVEit, Fortra GoAnywhere, and Ivanti products demonstrating how supply chain risks can propagate. These findings further validate that vulnerability management must evolve beyond internal patching strategies.
With VIB, Black Kite is revealing vulnerabilities across the supply chain so that organizations can assess the associated risks and their impact, prioritize the vulnerabilities that need to be mitigated, and engage with their vendors to strengthen their security and the security of the entire supply chain.
Black Kite’s platform empowers organizations to take a proactive approach to third-party risk management by offering a range of advanced capabilities. One key feature is the ability to take control of third-party risks. Organizations can now detect, assess, and drive vendor responses at the speed of real-world threats, bridging the gap between risk intelligence and actionable responses. This makes third-party risk management more effective and timely.
The platform also helps users go beyond CVEs (Common Vulnerabilities and Exposures) by providing deeper insights into the relevance, discoverability, and actionability of vulnerabilities in the context of third-party cyber risk. This enables a more comprehensive understanding of potential threats rather than simply cataloging vulnerabilities.
Additionally, Black Kite leverages OSINT (Open Source Intelligence) to focus on exploitable vulnerabilities, offering actionable risk intelligence. The platform moves organizations from reactive patching to proactive ecosystem defenseby using Auto-Scanning to measure patch management risks. Black Kite also introduces FocusTags, a new tagging feature that automatically flags vendors who have experienced significant cyber incidents such as data breaches or ransomware attacks, allowing for rapid response to high-priority threats.
Industrial Cyber News Desk
Industrial Cyber News Desk
