-Content by CyberNewswire-
Insignary, Inc., whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering, 2026.
According to Gartner: “Open-source and third-party components may contain a long list of vulnerabilities, but not all of them directly impact your code base. Reachability analysis helps in triaging the vulnerabilities based on their exploitability.”
The urgency is clear across independent industry research. A 2024 Venafi survey of 800 security decision-makers across the U.S., U.K., Germany, and France found that 92% are concerned about AI-generated code, and 63% have considered banning it outright over security risk. The U.S. National Vulnerability Database recorded more than 48,000 CVEs in 2025, roughly 130 every day.
AI coding assistants are accelerating the growth of unmanaged open-source dependencies. As organisations adopt these tools at scale, they face a widening challenge: understanding which open-source components enter production software, whether those components can be trusted, and how the resulting security and compliance risks are managed.
The problem is structural. Most SCA tools read what developers declare, not what actually runs. AI-generated code, vendor libraries, and third-party binaries frequently bypass package managers and never appear in a manifest.
“SBOMs are increasingly becoming a regulatory requirement around the world. However, software transparency is only as reliable as the accuracy of an SBOM itself. You cannot verify an SBOM by reading the manifest that created it. You verify an SBOM by examining the software that was actually built, shipped, and deployed. As software supply-chain regulations increasingly depend on SBOMs, the ability to validate software at the binary level becomes essential for organisations operating in regulated industries, critical infrastructure, and AI-enabled software environments.” Taek Wan Kim, President & CEO, Insignary
Insignary Clarity: Binary-First, Ai-Aware
Insignary Clarity scans both source and binary to build a complete Software Bill of Materials (SBOM) for the applications teams build, the third-party components they incorporate, and the IT infrastructure that bypasses the traditional secure development lifecycle.
Key capabilities include:
- Binary SCA — identifies open-source components, vulnerabilities, and license obligations directly from compiled binaries, without requiring source code or package manifests
- AIBOM Generation — produces an AI Bill of Materials for software containing AI-generated or AI-assisted code, covering components that bypass traditional dependency declarations
- Reachability Analysis — determines which disclosed vulnerabilities actually reach executable code paths, enabling risk-based prioritisation rather than raw CVE-count triage
- Continuous Vulnerability Alerting — monitors stored SBOMs against updated vulnerability databases and delivers automated alerts when newly disclosed CVEs match deployed components, without requiring a rescan
“An SBOM is foundational to managing the complexity and securability of modern software deployments.”
Recognition In Four Gartner Reports
Insignary has been cited in four Gartner research reports*, Gartner Hype Cycle for Secure Software Engineering,2026, Gartner Hype Cycle for Application Security,2025, Gartner Scale Application Security With AI-Augmented Vulnerability Remediation,2025, and Gartner 3 Steps for Assessing an Open-Source Software Project, 2025.
More from News
- Innovation City And IOPn LaunchMiddle East’s First Sovereign AI Data Centre
- Samsung’s Chip Business Is Profitable Again – Does this Mean Smaller Manufacturers Can Compete With the Big Players?
- Streaming “Free” Movies At Work Could Cost Your Company More Than Just TIme
- The Magnificent Seven Just Became 10% Less Magnificent – And $2.3 Trillion Lighter
- Experts Share: What’s The Most Underrated American Startup Today?
- Are Prediction Markets Creating New Incentives For Digital Fraud?
- Nobody Is Exempt – Even Spyware Investigators Get Hacked… By Spyware
- What Are Satellite Phones, And How Does The Technology Work?
Supporting Global Software Supply Chain Requirements
Insignary Clarity supports organisations meeting software supply-chain security requirements across North America and globally:
- S. Executive Order 14028 and OMB Memorandum M-26-05 — federal agencies may now independently verify vendor SBOMs rather than accepting a standard attestation form, raising the bar for all software sold into the U.S. government
- FDA Section 524B — every connected medical device premarket submission must include a binary-verified SBOM covering all compiled software components
- Canada’s Bill C-8 Critical Cyber Systems Protection Act (CCSPA), effective June 2026 — mandatory supply chain risk management for banking, telecommunications, energy, and transportation operators
Additional frameworks: CISA and NSA SBOM guidance, NIST SSDF, Australia’s Information Security Manual (ISM), U.S. Connected Vehicle Rule, EU Cyber Resilience Act.
Trusted By Governments And Global Enterprises
Globally, BearingPoint, one of Europe’s leading management and technology consulting firms and a strategic investor in Insignary serves as the company’s exclusive distributor across Europe. Cybertrust Japan, another strategic investor, and its reselling partner TechMatrix drive adoption across Japanese manufacturing under a joint SBOM initiative. Customers include government organisations and global leaders across the electronics, defense, financial services, automotive, manufacturing, medical and other technology sectors.
Gartner and Hype Cycle are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact.
Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
-This is a paid press release published via CyberNewswire-
