Company:
Date Published:
Author: Ciara Carey
Word count: 1830
Language: English
Hacker News points: None

Summary

SBOMs (Software Bill of Materials) are a crucial tool in ensuring the security of software products, allowing organizations to analyze vulnerabilities and remediate them. Vulnerabilities can be rated using CVSS (Common Vulnerability Scoring System) and EPSS (Exploit Prediction Scoring System), with VEX (Vulnerability Exploitability Exchange) providing a way for software creators to communicate exploitability information. Tools like Dependency-Track, Grype, and DaggerBoard help analyze SBOMs for vulnerabilities, while Cloudsmith's quarantine feature can temporarily block downloads of compromised artifacts. Effective remediation workflows involve notifying internal owners, updating artifacts, and alerting users, as well as considering disclosure requirements for customers and third-party users. Integrating SBOM tooling into workflows is essential for securing software products, even if not all ecosystems are fully supported yet.
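The SBOM-to-remediation flow the summary describes (match SBOM components against a vulnerability feed, overlay VEX exploitability statements, then rank what remains by EPSS and CVSS), as an added example that is not part of the original article and not the code of Dependency-Track, Grype, DaggerBoard or Cloudsmith. All data is constructed inline: the CycloneDX-style component list, the feed keyed by package URL, the `EXAMPLE-000x` identifiers and the VEX statements are placeholders, and the EPSS threshold of 0.1 is an assumed policy value.

```python
"""Added example: prioritise SBOM findings with CVSS, EPSS and VEX.

Everything below is constructed test data, not real advisory content.
"""
from dataclasses import dataclass

# Constructed SBOM fragment (CycloneDX-like, trimmed to what matching needs).
SBOM = {
    "components": [
        {"name": "libexample", "version": "1.2.3", "purl": "pkg:deb/debian/libexample@1.2.3"},
        {"name": "widgetlib", "version": "4.0.0", "purl": "pkg:pypi/widgetlib@4.0.0"},
        {"name": "safelib", "version": "2.0.0", "purl": "pkg:npm/safelib@2.0.0"},
    ]
}

# Constructed vulnerability feed: purl -> findings. Identifiers are placeholders.
VULN_FEED = {
    "pkg:deb/debian/libexample@1.2.3": [
        {"id": "EXAMPLE-0001", "cvss": 9.8, "epss": 0.92},
        {"id": "EXAMPLE-0002", "cvss": 5.3, "epss": 0.01},
    ],
    "pkg:pypi/widgetlib@4.0.0": [
        {"id": "EXAMPLE-0003", "cvss": 7.5, "epss": 0.40},
    ],
}

# Constructed VEX statements from the software creator: the critical finding in
# libexample is declared not_affected because the vulnerable code is unreachable.
VEX = {
    "statements": [
        {"vulnerability": "EXAMPLE-0001", "products": ["pkg:deb/debian/libexample@1.2.3"],
         "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path"},
        {"vulnerability": "EXAMPLE-0003", "products": ["pkg:pypi/widgetlib@4.0.0"],
         "status": "affected"},
    ]
}


@dataclass
class Finding:
    purl: str
    vuln_id: str
    cvss: float
    epss: float
    status: str  # "affected", "not_affected", or "unknown" when no VEX statement exists


def match_sbom(sbom, feed):
    """Join SBOM components to the feed by purl; components with no entry yield nothing."""
    findings = []
    for comp in sbom["components"]:
        for v in feed.get(comp["purl"], []):
            findings.append(Finding(comp["purl"], v["id"], v["cvss"], v["epss"], "unknown"))
    return findings


def apply_vex(findings, vex):
    """Overlay the VEX status for each (vulnerability, product); no statement means 'unknown'."""
    index = {(s["vulnerability"], p): s["status"]
             for s in vex["statements"] for p in s["products"]}
    for f in findings:
        f.status = index.get((f.vuln_id, f.purl), "unknown")
    return findings


def prioritise(findings, epss_threshold=0.1):
    """Drop not_affected findings; rank the rest with likely-exploited (EPSS >= threshold)
    first, then by CVSS, then by EPSS. 'unknown' is kept so it is never silently ignored."""
    actionable = [f for f in findings if f.status != "not_affected"]
    return sorted(actionable,
                  key=lambda f: (f.epss >= epss_threshold, f.cvss, f.epss),
                  reverse=True)


def remediation_queue(sbom=SBOM, feed=VULN_FEED, vex=VEX):
    """Ordered (vulnerability id, VEX status) pairs an owner should work through."""
    return [(f.vuln_id, f.status)
            for f in prioritise(apply_vex(match_sbom(sbom, feed), vex))]


if __name__ == "__main__":
    for vuln_id, status in remediation_queue():
        print(vuln_id, status)
```

Two design choices matter here. A VEX `not_affected` statement removes a finding from the queue only when it names both the vulnerability and the exact product purl, so a statement about one package version never suppresses the same CVE in another. Findings with no VEX statement keep the status `unknown` rather than being dropped, which is what you want when a supplier has not yet published exploitability information.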