Risk Management

Expose hidden supply chain risk

Protect Your Brand and Reputation

Falling victim to any cyber attack can tarnish your brand and reputation. In the case of supply chain attacks, the injury is amplified if attackers are able to reach thousands more victims via a single target as in the case with the SolarWinds attack. Whether you build IoT/OT products or use them, you need visibility into what you are shipping or operating to ensure you aren’t harboring exploitable technology.

Get in front of emerging threats and reassure your customers that your products are secure when impactful vulnerabilities are announced. FACT provides insights into your entire software supply chain, allowing you to respond quickly to high-profile vulnerabilities like Log4j.

A proactive software supply chain can create and maintain a competitive advantage.

FACT provides:

Visibility across your entire supply chain to identify risky components, products, and vendors

Machine-readable VEX documents to streamline communications and promptly reassure your customers

Executive dashboards highlighting progress towards risk-reduction goals

Background image for the Vulnerability Call to Action

Schedule a session with our technical staff to see how FACT identifies vulnerable components, untrustworthy suppliers, and other 3rd-party risks.

From crisis to happy customers in under 24 hours

Log4j Discovered

Widespread vulnerability found in both IT & OT creates massive response

Visibility at Scale

aDolus FACT platform scans >35 million files to uncover Log4j vulnerabilities in OT software packages

Validation & Assurance

FACT confirms to its manufacturing customer there are NO exploitable instances of Log4j in their products

SBOMs & VEX Documents

Manufacturer uses FACT to generate VEX documents and SBOMs for efficient customer communications

Reputation Protected

Manufacturer uses FACT to generate VEX documents and SBOMs for efficient customer communications


FACT continuously monitors for new product ⇔ vulnerability associations to stay ahead of the next major

Reduce Potential Liability

In light of multiple high-profile software supply chain incidents, the question has arisen: “Should companies face legal liability for shipping insecure software?” In this new environment, contractual requirements are being re-examined as companies seek to hold suppliers accountable. If you ship products containing 3rd-party, insecure components, you may face significant liability.

FACT allows you to:

Discover the suppliers and components that comprise your software supply chain (even the deeply-buried ones)

Disclose information up front via SBOM (Software Bill of Materials)

Monitor for emerging vulnerabilities, ransomware, and other malware to reduce risk to your customers

Vendor Quality Assessment

When making purchasing decisions, it is important to consider the cybersecurity quality of the products your vendor supplies. If a vendor consistently ships products with software vulnerabilities, obsolescent components, black-listed 3rd-party components, or other high-risk issues, you need to know. On the other hand, vendors who provide SBOMs and transparency into their products help reduce your risk and you should factor that in. Either way, you need more visibility to assess your vendors and incorporate that information into the total cost of ownership (TCO) of their products.

FACT allows you to:

Reduce inherited risk from purchased products (and ensure you don’t pass it along further)

Conduct informed warranty discussions with vendors supplying higher-risk products

Negotiate with vendors based on who is bearing the risk

M&A Due Diligence

Mergers and Acquisitions (M&As) are common in the automation industry, and it is becoming increasingly important to have detailed intelligence on embedded risk. Which is the more attractive choice for acquiring (or merging) with another company: one that can provide total, detailed transparency into their software inventory or one offering no visibility where you blindly shoulder all the risk?

When your team is responding to interest in an M&A, can you deliver a fully transparent inventory of all your software, right down to the component level?

FACT allows you to:

Provide a detailed and risk-scored inventory of all the vendors, software, and components in your portfolio

Negotiate from a position of strength with evidence-based risk assessments

Speed up the due diligence process with automated documentation

Talk to us about how to reduce 3rd-party risk, secure your software supply chain, and avoid liability.