How is the Software Inventory Collector different from a vulnerability scanner?

A traditional vulnerability scanner sends active probes and exploits to identify vulnerabilities — potentially disrupting sensitive devices. ORDR's Software Inventory Collector reads installed software information through low-impact, read-only methods appropriate for sensitive environments. Vulnerability correlation happens in ORDR's cloud platform after collection, rather than through active exploitation probes on the device.

Definition

Software Inventory Collector

An ORDR lightweight script that identifies installed software on devices and maps associated vulnerabilities, enabling vulnerability management for legacy devices that cannot be scanned by traditional tools.

What is Software Inventory Collector?

ORDR's Software Inventory Collector (ORDR Code) is a lightweight capability that identifies installed software, running services, and software components on devices that cannot be scanned by traditional vulnerability assessment tools. It bridges the gap between standard IT vulnerability scanning (which requires agent installation or network-based scanning protocols that disrupt sensitive devices) and complete software visibility.

The Software Inventory Collector is particularly valuable for IoT and OT devices that sit in the grey zone: they run a Windows or Linux operating system (making software inventory theoretically possible) but cannot accept disruptive active scans or install full-weight agents. The lightweight collector operates within the device's performance constraints while still providing the software component visibility needed for vulnerability management.

The output of software inventory collection — the list of installed applications, libraries, and versions — is the raw material for vulnerability correlation. Knowing that a device runs OpenSSL 1.0.2 means every CVE affecting that OpenSSL version applies to that device. Knowing that a medical imaging workstation runs a specific version of a DICOM viewer means vulnerabilities in that application are directly relevant. Software inventory transforms generic vulnerability lists into device-specific, actionable risk assessments.

Key Facts

Software inventory collection enables CVE correlation for devices invisible to traditional vulnerability scanners
Without software inventory, vulnerability management programs estimate exposure — with it, they measure it accurately
SBOM requirements from EO 14028 and FDA guidance make software inventory a regulatory necessity
Software inventory combined with KEV data enables detection of Log4Shell-style supply chain vulnerabilities across the full device estate

How ORDR Addresses Software Inventory Collector

ORDR's Software Inventory Collector identifies software components on devices where traditional agents and scanners can't operate, enabling accurate vulnerability correlation for the full device estate. The software inventory feeds ORDR's risk scoring engine, ensuring that CVE assignments are based on actual installed software rather than assumed device configurations.

See ORDR in action

Frequently Asked Questions

Back to Glossary

See Software Inventory Collector in practice.

ORDR gives security teams complete visibility into every connected asset—and the intelligence to act on what matters most.

REQUEST A DEMO Explore Resources