Tag: Gartner Hype Cycle

  • Insignary Clarity Bridges SBOM Accuracy Gap Using Binary-Level Analysis for Regulatory Compliance

    Insignary Clarity Bridges SBOM Accuracy Gap Using Binary-Level Analysis for Regulatory Compliance

    Insignary, Inc., a Toronto-based cybersecurity company specializing in binary composition analysis, has announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering, 2026. The company’s patented binary fingerprint technology, cited in four Gartner research reports, addresses a critical gap in software supply chain security: the accuracy of Software Bills of Materials (SBOMs).

    Most software composition analysis (SCA) tools rely on what developers declare in manifests. However, AI-generated code, vendor libraries, and third-party binaries often bypass package managers entirely. Insignary Clarity, the company’s flagship platform, uses a binary-first approach to analyze what is actually built, shipped, and deployed — including hidden open-source components.

    Why SBOM Accuracy Matters

    According to Gartner: “Open-source and third-party components may contain a long list of vulnerabilities, but not all of them directly impact your code base. Reachability analysis helps in triaging the vulnerabilities based on their exploitability.”

    The urgency is underscored by industry data. A 2024 Venafi survey found that 92% of security decision-makers are concerned about AI-generated code, and 63% have considered banning it outright. Meanwhile, the U.S. National Vulnerability Database recorded over 48,000 CVEs in 2025 — roughly 130 per day.

    Taek Wan Kim, President & CEO of Insignary, stated: “SBOMs are increasingly becoming a regulatory requirement around the world. However, software transparency is only as reliable as the accuracy of an SBOM itself. You cannot verify an SBOM by reading the manifest that created it. You verify an SBOM by examining the software that was actually built, shipped, and deployed.”

    Key Capabilities of Insignary Clarity

    • Binary SCA: Identifies open-source components, vulnerabilities, and license obligations directly from compiled binaries without requiring source code or manifests.
    • AIBOM Generation: Produces an AI Bill of Materials for software containing AI-generated or AI-assisted code, covering components that bypass traditional dependency declarations.
    • Reachability Analysis: Determines which disclosed vulnerabilities actually reach executable code paths, enabling risk-based prioritization.
    • Continuous Vulnerability Alerting: Monitors stored SBOMs against updated databases and delivers automated alerts when new CVEs match deployed components, without requiring a rescan.

    Recognition and Global Compliance

    Insignary has been cited in four Gartner reports: Hype Cycle for Secure Software Engineering 2026, Hype Cycle for Application Security 2025, Scale Application Security With AI-Augmented Vulnerability Remediation 2025, and 3 Steps for Assessing an Open-Source Software Project 2025.

    The platform supports compliance with global software supply chain regulations, including:

    • U.S. Executive Order 14028 and OMB Memorandum M-26-05
    • FDA Section 524B for connected medical devices
    • Canada’s Bill C-8 Critical Cyber Systems Protection Act (effective June 2026)
    • CISA and NSA SBOM guidance, NIST SSDF, Australia’s ISM, U.S. Connected Vehicle Rule, and the EU Cyber Resilience Act

    Trusted by Governments and Enterprises

    BearingPoint, a strategic investor, serves as Insignary’s exclusive distributor across Europe. Cybertrust Japan and TechMatrix drive adoption in Japanese manufacturing. Customers include government organizations and global leaders in electronics, defense, financial services, automotive, healthcare, and other sectors.

    GARTNER and Hype Cycle are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any vendor, product, or service depicted in its research publications.

    About Insignary

    Insignary Inc. is a Toronto-based cybersecurity company specializing in binary composition analysis and software supply chain security. Its patented technology helps organizations identify open-source components, vulnerabilities, and software provenance from compiled binaries. The flagship Insignary Clarity platform enables binary analysis and SCA, while Clarity AIR extends this capability to AI models and AI-generated software. More at insignary.com.