Impact
Apeiro Security Compliance Automation

Software today must fulfill obligations beyond its plain functionality. Among others, security, privacy and legal compliance are key requirements for all components in the reference architecture. Therefore, we include relevant tools and best practices to increase the general security posture and compliance level through automation at the source. Similar to the Software Bill of Materials (SBoM), ApeiroRA introduces a Software Bill of Delivery (SBoD) for cloud-native products described with the Open Component Model (OCM). While OCM's key feature is lifecycle management, OCM-based unique identities make it possible to correlate all audit-relevant facts early in the software development and qualification process. End users can adopt and extend OCM and its reference implementation, OCM Gear, for their specific development process.

OCM Gear is an extensible toolbox and provides the technical foundation for Apeiro Security Compliance Automation. As a central process engine, OCM Gear correlates arbitrary metadata, such as security-related findings, using OCM-based unique identities and enables fine-grained tracking of findings along with rich context information. OCM Gear can integrate with all related existing tooling, such as malware and vulnerability scanners, and merge metadata from any relevant external data source into a common coordinate system. By design, OCM Gear offers an audit-safe, context-aware re-prioritization concept for such findings, allowing developers to increase efficiency by focusing on genuinely relevant findings. This minimizes toil and false-positive fatigue. Organizations with a previously tool-centric approach can transition to Apeiro Security and Compliance Automation using its model-based reference.
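The following added example illustrates the correlation and re-prioritization concept described above. It is example code written for this page, not code from OCM Gear or the OCM project: the scanner output shapes, the image-to-component mapping, the component context and the "internal exposure lowers a network-reachable vulnerability by one level" rule are all hypothetical assumptions. What it shows is the shape of the idea: findings from two different tools are normalized onto one coordinate (component identity plus resource), merged, and re-prioritized only with a recorded justification so that the original severity stays traceable.

```python
"""Added illustration of correlating scanner findings by component identity and
re-prioritizing them with an audit trail. Example code, not OCM Gear or OCM code;
all formats, mappings and rules below are hypothetical."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

SEVERITIES = ["none", "low", "medium", "high", "critical"]

# Constructed sample outputs of two tools with different native shapes.
# CVE ids are placeholders, not real entries.
VULN_SCAN = [
    {"image": "ghcr.io/example/gateway:1.4.2", "cve": "CVE-0000-0001",
     "severity": "critical", "vector": "network"},
    {"image": "ghcr.io/example/worker:2.0.0", "cve": "CVE-0000-0002",
     "severity": "high", "vector": "local"},
]
MALWARE_SCAN = [
    {"artifact": "ghcr.io/example/worker:2.0.0", "signature": "Test.Signature",
     "verdict": "malicious"},
]

# Constructed mapping from container images to a component identity
# (component name, version, resource name); hypothetical, would come from
# the component descriptors in practice.
IMAGE_TO_COMPONENT = {
    "ghcr.io/example/gateway:1.4.2": ("example.org/gateway", "1.4.2", "gateway-image"),
    "ghcr.io/example/worker:2.0.0": ("example.org/worker", "2.0.0", "worker-image"),
}

# Constructed deployment context per component (hypothetical).
COMPONENT_CONTEXT = {
    ("example.org/gateway", "1.4.2"): {"exposure": "internal"},
    ("example.org/worker", "2.0.0"): {"exposure": "internet"},
}


@dataclass(frozen=True)
class Coordinate:
    """The common coordinate every finding is mapped onto."""
    component: str
    version: str
    resource: str


@dataclass
class Finding:
    coord: Coordinate
    source: str
    finding_id: str
    severity: str
    details: dict
    audit_log: list = field(default_factory=list)  # every severity change is recorded here


def coordinate_for_image(image: str) -> Coordinate:
    name, version, resource = IMAGE_TO_COMPONENT[image]
    return Coordinate(name, version, resource)


def normalize_vuln(raw: dict) -> Finding:
    return Finding(coordinate_for_image(raw["image"]), "vuln-scanner",
                   raw["cve"], raw["severity"], {"vector": raw["vector"]})


def normalize_malware(raw: dict) -> Finding:
    severity = "critical" if raw["verdict"] == "malicious" else "low"
    return Finding(coordinate_for_image(raw["artifact"]), "malware-scanner",
                   raw["signature"], severity, {"verdict": raw["verdict"]})


def correlate(vuln_raw: list, malware_raw: list) -> dict:
    """Merge findings from both tools into one map keyed by coordinate."""
    merged = {}
    findings = [normalize_vuln(r) for r in vuln_raw] + [normalize_malware(r) for r in malware_raw]
    for f in findings:
        merged.setdefault(f.coord, []).append(f)
    return merged


def reprioritize(finding: Finding, context: dict, assessor: str, justification: str) -> Finding:
    """Hypothetical rule: a network-reachable vulnerability on a component that is
    only internally exposed drops one severity level. The change is only applied
    with a justification, and the original value, assessor and reason are logged."""
    if not justification:
        raise ValueError("re-prioritization requires a justification for the audit trail")
    new_severity = finding.severity
    if (finding.source == "vuln-scanner" and finding.details.get("vector") == "network"
            and context.get("exposure") == "internal"):
        new_severity = SEVERITIES[max(SEVERITIES.index(finding.severity) - 1, 0)]
    if new_severity != finding.severity:
        finding.audit_log.append({"from": finding.severity, "to": new_severity,
                                  "by": assessor, "why": justification,
                                  "at": datetime.now(timezone.utc).isoformat()})
        finding.severity = new_severity
    return finding


def triage(vuln_raw: list, malware_raw: list, context_by_component: dict,
           assessor: str, justification: str) -> dict:
    """Correlate all findings, then apply the context-aware rule per coordinate."""
    merged = correlate(vuln_raw, malware_raw)
    for coord, findings in merged.items():
        ctx = context_by_component.get((coord.component, coord.version), {})
        for f in findings:
            reprioritize(f, ctx, assessor, justification)
    return merged


if __name__ == "__main__":
    result = triage(VULN_SCAN, MALWARE_SCAN, COMPONENT_CONTEXT,
                    "sec-team", "gateway is reachable only from the service mesh")
    for coord, findings in result.items():
        for f in findings:
            print(coord, f.source, f.finding_id, f.severity, f.audit_log)
```

The point a practitioner should take from this is the separation of concerns: normalization is per tool, correlation is tool-agnostic once everything carries a coordinate, and re-prioritization never overwrites the scanner's verdict silently, which is what makes the result defensible in an audit.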
Furthermore, OCM Gear allows security experts to refine and aggregate security and compliance metadata to be published and included in the product release (along with the artifacts and SBoMs) for a limited number of customers and partners with the highest security demands. For those customers and partners using OCM and OCM Gear, software providers support a trust-but-verify mandate by providing the necessary and decisive metadata for verification in a transparent fashion. ApeiroRA thereby fulfills a requirement for digital sovereignty.