FACT Technical Details

SaaS platform for continuous software supply chain monitoring

Performance and Scalability

11 billion analysis operations
per day
1.4 billion mapped relationships between parent-child files
An icon representing vulnerabilities
102,388 new or updated CVEs tracked in 2022

~267 advisories processed per day

>28 million CPEs tracked over the same period

~73,354 CPEs associated to CVEs per day

Vendor-, Platform-, and OS-Agnostic

FACT provides a single pane of glass for analyzing IT, IoT, and OT products. FACT helps consolidate visibility for PSIRTs and product management across multiple operating systems, including Windows, QNX, Linux, and other RTOSs, as well as custom file formats.

Interoperable via Full-Featured RESTful API

Integrate FACT with your corporate systems, workflows, and processes. While FACT provides a full-featured portal for direct interaction, many customers use the API to integrate with existing systems. The API exposes all the same information that is available through the portal.

All communications are encrypted using TLS 1.2 or better and leverage OAuth 2.0 for authentication and token management.

Binary Composition Analysis (BCA)

FACT uses an enhanced version of BCA that allows it to analyze binary files without the need for source code. While Software Composition Analysis (SCA) — where the analysis is performed on source code — is a useful approach, it often isn’t possible for the legacy products so common in industrial control systems.

FACT focuses on asset owner end artifacts, release files, and integrated SCA feeds (where possible) to produce more reliable and accurate insights based on metadata — or Metadata Composition Analysis (MCA).

AI- and ML-Enhanced Correlations

FACT uses AI and ML to search multiple vulnerability feeds, including vendor announcements and other text-based sources, to build associations between vulnerabilities and products. This complex task is difficult thanks to years of M&As, rebranding, and even simple typos.

Secure and Reliable

FACT is hosted on Amazon AWS and benefits from proven AWS security best practices. Data in the database is logically separated and partitioned to ensure that each customer’s data remains isolated. FACT also provides controls through RBAC to enable granular control within each organization. Submitted files never leave FACT without customer permission. FACT regularly undergoes pen testing by certified third parties, and summary results are available upon request.