Check out our software supply chain security solutions for Product Managers

Vulnerability Management

Actionable insight into component vulnerabilities

Trust Score

Save Valuable Time

Don't waste time searching the internet for vulnerability information: let the FACT platform do the searching for you.

FACT automatically checks each file and all of its subcomponents against both vulnerability databases and advisories published on vendor websites. When a potential match is found, FACT adds the vulnerability to the parent file as a suggested association.

Each vulnerability associated with a file can negatively impact its Trust Score.

Let AI Do the Heavy Lifting

FACT uses Artificial Intelligence (AI), specifically Machine Learning (ML) and Natural Language Processing (NLP), to perform the extraordinarily difficult task of linking vulnerabilities to products.

  • The National Vulnerability Database (NVD) is far from complete and rarely maps component vulnerabilities back to the products containing those components.

  • Thanks to mergers and acquisitions (and even simple spelling errors), the vendor name on a product often doesn't match the vendor name in the NVD disclosure details or the Common Platform Enumeration (CPE) listing.

  • Even the most experienced security analysts cannot efficiently match vulnerabilities with their installed products (or the other way around). With AI, FACT creates these vulnerability associations quickly and comprehensively.

Vulnerabilities Namespace Problem Example ft GE and Fanuc

Just searching for the vendor name on your device doesn’t work. You need to know the vendor’s merger and acquisition history as well as any rebranding or renaming the product line underwent.

Let's get in touch so we can show you how FACT automates vulnerability management.

Screenshot of vulnerability management from within the FACT Portal

Prioritize and Annotate Vulnerabilities

Vendors have the ability to review and manage the vulnerabilities, approving, rejecting, and mitigating them as appropriate. This added level of intelligence saves asset owners from false-positive alerts and streamlines communication between parties.

Learn more aboutVulnerability Management

Text Thumbnail for our video on Finding Hidden Vulnerabilities

WatchWatch FACT Uncover Hidden Vulnerabilities

Text Thumbnail of the ARC Analyst interview

WatchARC Analyst Larry O'Brien interviews Eric Byres on Vulnerabilities

Screenshot of our VEX Document white paper

DownloadRead More about VEX Documents