Exceptional Response to a High-Profile Vulnerability

Within 24 hours, FACT™ Scanned Over 35 Million Files to Discover 43 Impacted Files, Corresponding to 24 Products

The aDolus FACT platform provides continuous software supply chain visibility at scale. SBOMs, VEX, & vulnerability management prove compliance & reduce risk. Its AI-powered aggregation, correlation, and analytics engine enables regulatory compliance and provides actionable insights to secure critical systems.

Solar Turbines is one of the world’s leading manufacturers of industrial gas turbines with more than 16,000 units installed in 100 countries. Their customers demand evidence that Solar Turbines has checked the security of every component of their software stack before it is deployed to a platform.

Log4j Discovered

Critical, widespread vulnerability is found in the wild and announced to the IT & OT community

Automation & AI

aDolus FACT platform scans 35M files to locate and reveal Log4j vulnerabilities in OT software packages

Validated Findings

aDolus FACT confirms there are NO exploitable instances of Log4j in Solar Turbines products

World's First VEX

VEX documents are generated to accompany SBOMs and streamline the response

Customer Communication

Solar Turbines quickly alerts customers: there are NO exploitable instances of Log4j in their products


aDolus FACT provides ongoing protection of the Solar Turbines software supply chain for the next Log4j

Do you have the data you need to secure your critical systems?

By the Numbers

11 Billion

Analysis operations/day

(Yes, with a B!)

1 Billion

API calls/month

40 Million

OT/ICS-related files from top tier vendors

3.3 Million

ICS files/day scanned against 18,000+ YARA Rules

Continuous Software Supply Chain Visibility

From vendors, to products, right down to subcomponents

Reduce Risk


Comprehensive Dashboards

Dashboard Concept

Compliance & Meeting Regulatory Headwinds


How FACT Works Diagram

Responding to Emerging Vulnerabilities

Managing customer communication effectively

Deep File Analysis

Protect Your Brand

Insights Into Vendor Country of Origin

Dashboard with Security Scorecard Integration

ML+AI Powered

Ensuring software is legitimate, tamper-free, safe to ship, and safe to install

Our AI-powered platform automatically delivers what was never before possible.

The FACT platform (Framework for Analysis and Coordinated Trust) is an advanced aggregation, analytics, and correlation engine that derives the most up-to-date cybersecurity risk intelligence on software components as they flow through the ecosystem: between suppliers, developers, OEMs, service providers, operators, and even those who should not have the software and may use it for malicious intent.

Protecting each link in the software supply chain



FACT makes the update delivery process to your customers more reliable and secure. It provides valuable intelligence on the software modules you source from 3rd parties, warning if subcomponents have known vulnerabilities or malware. It generates 1-click SBOMs quickly and easily, and if counterfeit versions of your software are being installed anywhere in the world, you will be the first to know.

How long will it be acceptable for you to distribute software without being certain of the integrity of every component?

FACT for Vendors

Asset Owners

Asset Owners

FACT gives you visibility and control of upgrade processes. FACT integrates seamlessly into your existing workflows to allow employees to analyze the files they need. Management gains visibility into the files being used and has the ability to approve or deny patches before they are installed on critical equipment.

How long will it be acceptable for you to operate without detailed insight into your firmware stack?

FACT for Asset Owners

System Integrators

System Integrators

If your company designs and installs intelligent control platforms, FACT lets you track software in every stage of the EPC process: from initial design & commissioning to factory acceptance tests & handover. You can be certain that the software installed on your client’s system is free of known vulnerabilities and counterfeits. Plus you can manage workflows and approval processes for software across multiple clients and projects.

How can you protect your company’s reputation if you don’t know the contents of products you’re installing?

Security Analysts & Service Providers

Security Analysts and Service Providers

If your company provides audit or security services for industry, you know that modern control systems can contain millions of different executable files, scattered across hundreds of different platforms. This makes the task of uncovering hidden malware similar to finding a needle in a haystack. FACT gives you the tools to quickly authenticate vendor files, helping you understand their origin, functionality, and vulnerabilities.

How can your services remain competitive without comprehensive intelligence on your client’s supply chain?

Partnering with leaders in cybersecurity

Serving all critical industries


Manufacturing Example


Automotive Example

Oil and Gas

Oil and Gas Example


Medical Example


Utilities Example


Aerospace Example

Providing a single solution for all products, vendors, and platforms

FACT is vendor- and platform-agnostic, attending to the compliance and security needs for all the firmware and software used on critical systems.