Software supply chain visibility is the new business imperative

Do you have the visibility you need to secure your critical systems?

See how to focus on vulnerabilities that matter with Vulnerability Exploitability eXchange documents.
Read how AI can find complex correlations between products and vulnerabilities that people can't.
Get a free SBOM for your software or firmware package. No source code necessary.

Ensuring software is legitimate, tamper-free, safe to ship, and safe to install

Our AI-powered platform automatically delivers what was never before possible.

The FACT™ platform (Framework for Analysis and Coordinated Trust) is an advanced aggregation, analytics, and correlation engine that derives the most up-to-date cybersecurity risk intelligence on software components as they flow through the ecosystem: between suppliers, developers, OEMs, service providers, operators, and even those who should not have the software and may use it for malicious intent.

Managing supply chain security intelligence in one place


Organizational Overview

Executive SummaryFACT ScoresSubcomponent Vendors

Average Score


Malware Found




Signature Risks


Product Files






SBOM Coverage

An organizations dashboard displaying scores, metrics, SBOM coverage and more
A submitted file reporting a very good 10/10 FACT score
The SBOM management interface from FACTs Web Portal
The vulnerability management interface from FACTs Web Portal
An example of FACT using YARA rules for advanced malware detection
A file submitted into FACT signed by OSIsoft
Listing of subcomponent vendors in a submitted file

Protecting each link in the software supply chain



FACT makes the update delivery process to your customers more reliable and secure. It provides valuable intelligence on the software modules you source from 3rd parties, warning if subcomponents have known vulnerabilities or malware. It generates 1-click SBOMs quickly and easily, and if counterfeit versions of your software are being installed anywhere in the world, you will be the first to know.

How long will it be acceptable for you to distribute software without being certain of the integrity of every component?

FACT for Vendors & OEMs
Asset Owners

Asset Owners

FACT gives you visibility and control of upgrade processes. FACT integrates seamlessly into your existing workflows to allow employees to analyze the files they need. Management gains visibility into the files being used and has the ability to approve or deny patches before they are installed on critical equipment.

How long will it be acceptable for you to operate without detailed insight into your firmware stack?

FACT for Asset Owners
System Integrators

System Integrators

If your company designs and installs intelligent control platforms, FACT lets you track software in every stage of the EPC process: from initial design & commissioning to factory acceptance tests & handover. You can be certain that the software installed on your client’s system is free of known vulnerabilities and counterfeits. Plus you can manage workflows and approval processes for software across multiple clients and projects.

How can you protect your company’s reputation if you don’t know the contents of products you’re installing?

Security Analysts and Service Providers

Security Analysts & Service Providers

If your company provides audit or security services for industry, you know that modern control systems can contain millions of different executable files, scattered across hundreds of different platforms. This makes the task of uncovering hidden malware similar to finding a needle in a haystack. FACT gives you the tools to quickly authenticate vendor files, helping you understand their origin, functionality, and vulnerabilities.

How can your services remain competitive without comprehensive intelligence on your client’s supply chain?

Do you have the data you need to secure your critical systems?

By the Numbers

11 Billion

Analysis operations/day

(Yes, with a B!)

1 Billion

API calls/month

40 Million

OT/ICS-related files from top-tier vendors

3.3 Million

ICS files/day scanned against 18,000+ YARA Rules

Continuous Software Supply Chain Visibility

From vendors, to products, right down to subcomponents

Reduce Risk


Comprehensive Dashboards

Dashboard Concept

Compliance & Meeting Regulatory Headwinds


How FACT Works Diagram

Responding to Emerging Vulnerabilities

Managing customer communication effectively

Deep File Analysis

Protect Your Brand

Insights Into Vendor Country of Origin

Dashboard with Security Scorecard Integration

ML+AI Powered

Serving all critical industries



Oil & Gas




Providing a single solution for all products, vendors, and platforms

FACT is vendor- and platform-agnostic, attending to the compliance and security needs for all the firmware and software used on critical systems.