Why HBOM and SBOM must be managed together
For connected devices, software-only visibility is not enough. Hardware context changes exploitability, remediation options, and operational risk. ARIANNA combines HBOM and SBOM in one Device Model so security teams can evaluate vulnerabilities against the real device architecture.
How ARIANNA structures a Device Model
ARIANNA organizes components by Processing Unit and Group. This makes it easier to map vulnerabilities to where they actually run, see dependencies, and identify the highest-risk areas of the system.
- Processing Units represent logical hardware blocks (MCU, MPU, SE, memory, hardware modules).
- Groups separate hardware, firmware, OS, and application layers for clearer triage.
- Component status tracks active, removed, updated, and newly added elements over time.
From inventory to daily monitoring
Once the model is created, ARIANNA correlates components with vulnerability intelligence daily and highlights new risk. This enables continuous monitoring instead of periodic review cycles.
Lifecycle impact
As software releases evolve, SBOM changes are tracked by model version. Existing vulnerabilities keep context, close automatically when components are updated or removed, and new vulnerabilities are surfaced immediately.
This is what turns component inventory into an operational vulnerability management process.
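The lifecycle behaviour described above, as an added example that is not ARIANNA's code or data model: findings are keyed to a component's place in the Device Model, then reconciled when a new model version arrives. The `Component` fields, state strings, feed format, component names and `VULN-` ids are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    unit: str     # Processing Unit, e.g. "MCU", "MPU", "SE"
    group: str    # layer: hardware / firmware / os / application
    name: str
    version: str

# Constructed sample data: placeholder components and vulnerability ids.
MODEL_V1 = [
    Component("MCU", "firmware", "bootloader-x", "1.0"),
    Component("MPU", "os", "kernel-y", "5.1"),
    Component("MPU", "application", "libparse-z", "2.3"),
]
MODEL_V2 = [
    Component("MCU", "firmware", "bootloader-x", "1.0"),      # unchanged
    Component("MPU", "os", "kernel-y", "5.2"),                # updated
    Component("MPU", "application", "mqtt-client-w", "0.9"),  # added; libparse-z removed
]
FEED = {  # hypothetical intelligence feed: (name, version) -> vulnerability ids
    ("bootloader-x", "1.0"): ["VULN-0001"],
    ("kernel-y", "5.1"): ["VULN-0002"],
    ("libparse-z", "2.3"): ["VULN-0003"],
    ("mqtt-client-w", "0.9"): ["VULN-0004"],
}

def slot(c):
    # Where the component sits in the device, independent of its version.
    return (c.unit, c.group, c.name)

def match(model, feed):
    # Daily correlation: one open finding per (slot, version, vulnerability id).
    return {(slot(c), c.version, v): "open"
            for c in model for v in feed.get((c.name, c.version), [])}

def reconcile(findings, new_model, feed):
    # Carry findings into the new model version, closing those whose component changed.
    current = {slot(c): c.version for c in new_model}
    out = {}
    for (s, ver, vid), state in findings.items():
        if state == "open" and s not in current:
            state = "closed:component-removed"
        elif state == "open" and current[s] != ver:
            state = "closed:component-updated"
        out[(s, ver, vid)] = state          # history is kept, not deleted
    for key in match(new_model, feed):      # surface findings for new or updated parts
        out.setdefault(key, "open")
    return out
```

Closing on update is only safe because the new version is matched again: if the feed also lists the updated version as affected, a fresh open finding appears next to the closed one.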