{"id":4504,"date":"2026-07-06T13:07:19","date_gmt":"2026-07-06T13:07:19","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/07\/06\/insignary-closes-sbom-accuracy-gap-with-binary-level-clarity-for-regulatory-risk\/"},"modified":"2026-07-06T13:07:19","modified_gmt":"2026-07-06T13:07:19","slug":"insignary-closes-sbom-accuracy-gap-with-binary-level-clarity-for-regulatory-risk","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/07\/06\/insignary-closes-sbom-accuracy-gap-with-binary-level-clarity-for-regulatory-risk\/","title":{"rendered":"Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk"},"content":{"rendered":"<div><img data-opt-id=16111236  fetchpriority=\"high\" decoding=\"async\" width=\"1198\" height=\"426\" src=\"https:\/\/devops.com\/wp-content\/uploads\/2026\/07\/insignary_logo_highres_17830044308uQUsWZ4Y3.jpg\" class=\"attachment-large size-large wp-post-image\" alt=\"\" \/><\/div>\n<p><img data-opt-id=73521908  fetchpriority=\"high\" decoding=\"async\" width=\"150\" height=\"150\" src=\"https:\/\/devops.com\/wp-content\/uploads\/2026\/07\/insignary_logo_highres_17830044308uQUsWZ4Y3-150x150.jpg\" class=\"attachment-thumbnail size-thumbnail wp-post-image\" alt=\"\" \/><\/p>\n<p class=\"sc-eeGUxP jAFyIN\"><span><strong>Toronto, Canada, July 6th, 2026, CyberNewswire<\/strong><\/span><\/p>\n\n<p><strong>Most software composition analysis tools read what developers declare. Insignary Clarity\u2019s patented binary-first platform analyzes what is actually built, shipped, and deployed \u2014 including the open-source components that never appear in any manifest.<\/strong><\/p>\n<p><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/insignary.com\/\"><strong> <\/strong>Insignary, Inc.<\/a>, whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.gartner.com\/doc\/reprints?id=1-2NII8O1Z&amp;ct=260610&amp;st=sb&amp;utm_source=cybernewswire&amp;utm_medium=pr&amp;utm_campaign=pr1-gartner-hype-cycle-2026&amp;utm_content=release1\">Gartner Hype Cycle for Secure Software Engineering, 2026<\/a>.<\/p>\n<p>According to Gartner: \u201cOpen-source and third-party components may contain a long list of vulnerabilities, but not all of them directly impact your code base. Reachability analysis helps in triaging the vulnerabilities based on their exploitability.\u201d<strong>*1<\/strong><\/p>\n<p>The urgency is clear across independent industry research. A 2024 Venafi survey of 800 security decision-makers across the U.S., U.K., Germany, and France found that 92% are concerned about AI-generated code, and 63% have considered banning it outright over security risk.<strong>*2 <\/strong>The U.S. National Vulnerability Database recorded more than 48,000 CVEs in 2025 \u2014 roughly 130 every day.<\/p>\n<p>AI coding assistants are accelerating the growth of unmanaged open-source dependencies. As organizations adopt these tools at scale, they face a widening challenge: understanding which open-source components enter production software, whether those components can be trusted, and how the resulting security and compliance risks are managed.<\/p>\n<p>The problem is structural. Most SCA tools read what developers declare \u2014 not what actually runs. AI-generated code, vendor libraries, and third-party binaries frequently bypass package managers and never appear in a manifest.<\/p>\n<blockquote>\n<p>\u201cSBOMs are increasingly becoming a regulatory requirement around the world. However, software transparency is only as reliable as the accuracy of an SBOM itself. You cannot verify an SBOM by reading the manifest that created it. You verify an SBOM by examining the software that was actually built, shipped, and deployed. As software supply-chain regulations increasingly depend on SBOMs, the ability to validate software at the binary level becomes essential for organizations operating in regulated industries, critical infrastructure, and AI-enabled software environments.\u201d \u2014 <strong>Taek Wan Kim, President &amp; CEO, Insignary<\/strong><\/p>\n<\/blockquote>\n<p><strong>INSIGNARY CLARITY: BINARY-FIRST. AI-AWARE.<\/strong><\/p>\n<p>Insignary Clarity scans both source and binary to build a complete Software Bill of Materials (SBOM) for the applications teams build, the third-party components they incorporate, and the IT infrastructure that bypasses the traditional secure development lifecycle.<\/p>\n<p>Key capabilities include:<\/p>\n<ul>\n<li>Binary SCA \u2014 identifies open-source components, vulnerabilities, and license obligations directly from compiled binaries, without requiring source code or package manifests<\/li>\n<li>AIBOM Generation \u2014 produces an AI Bill of Materials for software containing AI-generated or AI-assisted code, covering components that bypass traditional dependency declarations<\/li>\n<li>Reachability Analysis \u2014 determines which disclosed vulnerabilities actually reach executable code paths, enabling risk-based prioritization rather than raw CVE-count triage<\/li>\n<li>Continuous Vulnerability Alerting \u2014 monitors stored SBOMs against updated vulnerability databases and delivers automated alerts when newly disclosed CVEs match deployed components, without requiring a rescan<\/li>\n<\/ul>\n<p>\u201cAn SBOM is foundational to managing the complexity and securability of modern software deployments.\u201d<strong>*3<\/strong><\/p>\n<p><strong>RECOGNITION IN FOUR GARTNER REPORTS<\/strong><\/p>\n<p>Insignary has been cited in four Gartner research reports*, Gartner Hype Cycle for Secure Software Engineering,2026, Gartner Hype Cycle for Application Security,2025, Gartner Scale Application Security With AI-Augmented Vulnerability Remediation,2025, and Gartner 3 Steps for Assessing an Open-Source Software Project, 2025.<\/p>\n<p><strong>SUPPORTING GLOBAL SOFTWARE SUPPLY CHAIN REQUIREMENTS<\/strong><\/p>\n<p>Insignary Clarity supports organisations meeting software supply-chain security requirements across North America and globally:<\/p>\n<ul>\n<li>U.S. Executive Order 14028 and OMB Memorandum M-26-05 \u2014 federal agencies may now independently verify vendor SBOMs rather than accepting a standard attestation form, raising the bar for all software sold into the U.S. government<\/li>\n<li>FDA Section 524B \u2014 every connected medical device premarket submission must include a binary-verified SBOM covering all compiled software components<\/li>\n<li>Canada\u2019s Bill C-8 Critical Cyber Systems Protection Act (CCSPA), effective June 2026 \u2014 mandatory supply chain risk management for banking, telecommunications, energy, and transportation operators<\/li>\n<\/ul>\n<p>Additional frameworks: CISA and NSA SBOM guidance, NIST SSDF, Australia\u2019s Information Security Manual (ISM), U.S. Connected Vehicle Rule, EU Cyber Resilience Act.<\/p>\n<p><strong>TRUSTED BY GOVERNMENTS AND GLOBAL ENTERPRISES<\/strong><\/p>\n<p>Globally, BearingPoint \u2014 one of Europe\u2019s leading management and technology consulting firms and a strategic investor in Insignary \u2014 serves as the company\u2019s exclusive distributor across Europe. Cybertrust Japan, another strategic investor, and its reselling partner TechMatrix drive adoption across Japanese manufacturing under a joint SBOM initiative. Customers include government organizations and global leaders across the electronics, defense, financial services, automotive, manufacturing, medical, and other technology sectors.<\/p>\n<p>GARTNER and Hype Cycle are trademarks of Gartner, Inc. and\/or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner\u2019s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.<\/p>\n<p><strong>ABOUT INSIGNARY<\/strong><\/p>\n<p>Insignary Inc. is a Toronto-based cybersecurity company specializing in binary composition analysis and software supply chain security. Its patented technology enables organizations to identify open-source software components, vulnerabilities, and software provenance directly from compiled binaries without requiring access to source code.<\/p>\n<p>The company\u2019s flagship platform, Insignary Clarity, provides binary analysis and software composition analysis capabilities that enable organizations to verify the contents of deployed software and strengthen software supply chain governance. Insignary Clarity AIR extends this capability to the AI domain by helping organizations identify, assess, and manage risks associated with AI models, AI-generated software, and AI-driven development environments.<\/p>\n<p>The company serves enterprises, governments, and software vendors worldwide and is supported by strategic investors and partners including BearingPoint in Europe, Cybertrust Japan and TechMatrix in Japan, and TMA Solutions. Through its global partner ecosystem, Insignary supports software supply chain security initiatives across North America, Europe, and Asia.<\/p>\n<p><strong>Website:<\/strong> <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/insignary.com\/\">https:\/\/insignary.com\/<\/a><\/p>\n<p><strong>Full report:<\/strong> <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.gartner.com\/doc\/reprints?id=1-2NII8O1Z&amp;ct=260610&amp;st=sb&amp;utm_source=cybernewswire&amp;utm_medium=pr&amp;utm_campaign=pr1-gartner-hype-cycle-2026&amp;utm_content=release1\">Gartner Hype Cycle for Secure Software Engineering, 2026<\/a><\/p>\n<p><strong>References:<\/strong><\/p>\n<ol>\n<li>Gartner, Hype Cycle for Secure Software Engineering 2026<\/li>\n<li>Venafi, \u201cMachine Identity Management Development Survey,\u201d 2024<\/li>\n<li>Gartner, \u201cEmerging Tech: A Software Bill of Materials Is Critical to Software Supply Chain Management.\u201d<\/li>\n<\/ol>\n<h5>Contact<\/h5>\n<p><span><strong>Principal Solutions Architect<\/strong><br \/><\/span><span><strong>Jessica DY Lee<\/strong><br \/><\/span><span><strong>Insignary<\/strong><br \/><\/span><span><strong>jessicalee@insignary.com<\/strong><br \/><\/span><\/p>\n<p><a href=\"https:\/\/devops.com\/insignary-closes-sbom-accuracy-gap-with-binary-level-clarity-for-regulatory-risk\/\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a><\/p>\n<p>\u200b<\/p>","protected":false},"excerpt":{"rendered":"<p>Toronto, Canada, July 6th, 2026, CyberNewswire Most software composition analysis tools read what developers declare. Insignary Clarity\u2019s patented binary-first platform [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4505,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5],"tags":[],"class_list":["post-4504","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=4504"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4504\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/4505"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=4504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=4504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=4504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}