~267 advisories processed per day
~73,354 CPEs associated to CVEs per day
FACT provides a single pane of glass for analyzing IT, IoT, and OT products. FACT helps consolidate visibility for PSIRTs and product management across multiple operating systems, including Windows, QNX, Linux, and other RTOSs, as well as custom file formats.
Integrate FACT with your corporate systems, workflows, and processes. While FACT provides a full-featured portal for direct interaction, many customers use the API to integrate with existing systems. The API exposes all the same information that is available through the portal.
All communications are encrypted using TLS 1.2 or better and leverage OAuth 2.0 for authentication and token management.
FACT uses an enhanced version of BCA that allows it to analyze binary files without the need for source code. While Software Composition Analysis (SCA) — where the analysis is performed on source code — is a useful approach, it often isn’t possible for the legacy products so common in industrial control systems.
FACT focuses on asset owner end artifacts, release files, and integrated SCA feeds (where possible) to produce more reliable and accurate insights based on metadata — or Metadata Composition Analysis (MCA).
FACT uses AI and ML to search multiple vulnerability feeds, including vendor announcements and other text-based sources, to build associations between vulnerabilities and products. This complex task is difficult thanks to years of M&As, rebranding, and even simple typos.
FACT is hosted on Amazon AWS and benefits from proven AWS security best practices. Data in the database is logically separated and partitioned to ensure that each customer’s data remains isolated. FACT also provides controls through RBAC to enable granular control within each organization. Submitted files never leave FACT without customer permission. FACT regularly undergoes pen testing by certified third parties, and summary results are available upon request.