Onward Security Hercules SecSAM

Additional Info

Company: Onward Security
Company size (employees): 50 to 99
Headquarters Region: Asia
Type of solution: Cloud/SaaS


SecSAM is a Security Assessment Management System for open-source software that aims to solve the pain points of companies managing OSS security. Although industries have gradually become aware of the importance of open-source security measures, managing an SBOM is harder than expected.

SecSAM addresses OSS risk control, SBOM management, and related complex issues. Using the Cybersecurity Bill of Materials as the technical framework for risk assessment, it integrates third-party software vulnerability reports and the CI/CD toolchain with the issue-tracking system, and lets users manage, track, and receive warnings in a more flexible and convenient way on the basis of secure development.

It is designed to analyze the composition of OSS used in software development projects. It helps the team assess vulnerability risks in open-source components and provides key information to the security or legal department, such as which components with critical vulnerabilities are used in specified projects, or which components raise license issues.

The security vulnerability database of SecSAM is comprehensive, covering a wide range of vulnerability information and over 120,000 vulnerabilities, including CVE and non-CVE vulnerabilities. A daily collection and analysis mechanism keeps the vulnerability information up to date. The system also provides first-hand information to assist users in handling incidents and controlling losses by matching the product's component specification against these vulnerabilities.

SecSAM's AI collects international security issues related to open-source software daily, links them to the components in use, and sends customized notifications and reports on the latest vulnerabilities to the relevant users in real time, so that users can respond to a security event immediately. Each notification contains the incident detection, a recommendation, and a solution, which shortens incident response time and reduces the impact of a breach.

How we are different

1. Vulnerability Analysis for Open-Source Software

Identifying and tracking open-source software components is difficult because of the complex open-source supply chain. Software may consist of many parts that come from different development teams or even different companies, and some of them may be unwilling to provide their source code or Software Bill of Materials (SBOM) to the customer's security team. HERCULES SecSAM can analyze the open-source composition and its vulnerabilities with multiple scan tools, including binary scanning and CPE analysis, making it easy to build out a full SBOM together with its related vulnerabilities.

2. Open-Source Software License Identification

The legal framework of open-source software licenses is complex, with a wide variety of license types, each placing restrictions on the use, extension, and distribution of code and its derivative products. HERCULES SecSAM identifies the license category of each component, which helps the legal department understand the legal risk of using it.

3. ioXt Likelihood Vulnerability Analysis

HERCULES SecSAM provides a state-of-the-art analysis tool that identifies vulnerabilities according to the ioXt Alliance's rules and uses them to determine the risk assessment. It helps users improve IoT device security and reduces the difficulty of obtaining certification from the ioXt Alliance.