Karamba Security VMS (Vulnerability Management System) is a centralized platform for Product Security teams to manage vulnerability assessment and prioritization across the product lifecycle. At its core, the system maintains a hierarchical Software/Firmware Component inventory that supports Software Bill of Materials (SBOM) generation for products and product lines. The platform ingests security issues from multiple sources, including: - NVD and other public CVE databases - Penetration testing reports - Threat Analysis and Risk Assessment (TARA) reports - Binary scanning results - Bug bounty and information disclosure reports - Open Source Intelligence (OSINT) and other threat intelligence feeds Key capabilities include blast radius analysis for mapping issues to system impact across multiple product lines and software versions, exploitability and remediation analysis for clustering similar issues and assigning them to relevant teams, and priority adjustment based on exploitability status. The system also supports compliance and homologation reporting, specifically for UNECE R155 Type Approval based on ISO 21434 and related standards. VMS is designed to provide a common working language across internal and third-party stakeholders, including Product Security, SOC analysts, R&D architects, developers, QA teams, validation, homologation teams, and management.