Binarly Launches Transparency Platform 3.0 with Real-Time Threat Prioritization and Exploitation Scoring

Binarly Unveils Transparency Platform 3.0: A Revolutionary Step in Firmware and Software Supply Chain Security

Binarly, a recognized leader in the field of firmware and software supply chain security, has introduced the next evolution of its flagship product—the Binarly Transparency Platform 3.0. This major update combines cutting-edge live threat intelligence with an innovative exploitation-aware scoring system, empowering enterprise security teams to prioritize the vulnerabilities that pose the most immediate risk to their organizations.

The latest release of the platform introduces several powerful new features, with the highlight being Threat Intelligence Monitoring. This service tracks real-time threats, including public proof-of-concept code, ransomware activity, and private telemetry, to flag actively exploited vulnerabilities the moment they emerge. These new data points are then used to generate an Exploitation Maturity Score (EMS), which replaces traditional probabilistic risk models with a more accurate, evidence-based scoring system.

The EMS system offers defenders a clear, continuously updated view of true risk, enabling them to take immediate action on the most dangerous vulnerabilities. With the platform’s real-time intelligence, security teams are no longer left guessing which vulnerabilities need attention, but are instead provided with clear, actionable data.

From Probabilistic to Evidence-Based Risk Scoring

One of the core innovations behind the Binarly Transparency Platform 3.0 is the Exploitation Maturity Score (EMS). Rather than relying on probabilistic models that speculate about the future, EMS measures the present, using hard evidence from real-time threat activity to gauge the current risk level of vulnerabilities. As the status of vulnerabilities evolves—whether through the stabilization of proof-of-concept exploit code, a vulnerability’s inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog, or other indicators—the EMS score adjusts accordingly.

The platform’s EMS dashboard provides security owners with a historical view of these shifts, allowing them to track risk trends and respond to emerging threats proactively. By replacing guesswork with real-time data, EMS provides a more accurate and actionable risk score, enabling security teams to prioritize efforts where they are most needed.

“Our customers have been asking for a more reliable, real-time approach to assessing vulnerabilities,” said Alex Matrosov, CEO and Head of Research at Binarly. “Security teams are tired of probabilistic risk scores that read like weather forecasts. EMS is different. It’s driven by hard evidence, including exploit code, ransomware payloads, and breach telemetry, so security teams can see exactly which vulnerabilities are being weaponized right now.”

Seamless Intelligence Flow and Coordination Features

In addition to EMS, Binarly has enhanced its platform with several features designed to improve coordination and streamline the vulnerability management process. Auto-Advisories and Vulnerability Exploitability eXchange (VEX) generation are two key updates that simplify coordinated disclosure when new vulnerabilities are discovered in third-party code.

The Transparency Platform 3.0 also introduces the first wave of its Global Search engine—a cross-inventory query tool that provides security teams with answers from every product, component, and artifact in seconds. This powerful feature reduces the time spent manually searching for information, allowing security teams to focus on remediation rather than data collection.

Other notable improvements include expanded export options, which streamline the hand-off of data to engineering and audit teams, as well as new reports tailored for Post-Quantum Compliance and Secure-by-Design initiatives. These reports help translate complex binary-level analysis into actionable insights that can be understood at the board level, ensuring that executives and decision-makers are aligned with the security team’s efforts.

“Our mission with every platform release is to reduce the noise and focus on the signals that truly matter,” Matrosov emphasized. “By linking binary-level analysis with real-time threat intelligence and providing clear, actionable remediation paths, Binarly’s Transparency Platform 3.0 enables security teams to spend less time sorting through data and more time addressing the vulnerabilities that pose the greatest risk.”

Under-the-Hood Upgrades for Deeper Analysis and Detection

Behind the scenes, Binarly has made significant upgrades to the platform’s core functionality. The code analysis engine has been refined to better handle stubs and fix-ups, while also providing clearer evidence paths for previously unknown vulnerabilities. The platform’s library of Deep Vulnerability Analysis (DVA) checkers has been expanded to include a specific focus on UEFI input-validation flaws—critical in ensuring the security of firmware.

The update also introduces advanced detection capabilities for abnormal PE parsing in firmware modules, a specialized checker for microcode vulnerabilities, and enhanced support for compiler and build metadata extraction, which strengthens Software Bill of Materials (SBOM) validation. Additionally, the platform’s cryptographic artifact discovery has been improved, and a new secret-detection workflow auto-validates potential credentials, minimizing false positives.

“Security teams now have a comprehensive toolkit at their disposal,” Matrosov noted. “With these upgrades, Binarly’s Transparency Platform 3.0 provides the deepest, most accurate vulnerability analysis on the market.”

Enhancing Post-Quantum Security and RBAC Collaboration

In response to the growing need for post-quantum security, Binarly’s latest platform release introduces tools to assist organizations in preparing for the era of quantum computing. Post-quantum migration tooling helps security teams assess and transition to quantum-safe cryptography, ensuring that their firmware remains resilient in the face of emerging threats from quantum computing.

The platform also extends its reach in collaboration and access control with enhanced Role-Based Access Control (RBAC) features, ensuring that only the right people have access to sensitive information. This is crucial for large organizations where multiple teams may need to access vulnerability data, but only specific individuals should be responsible for remediation actions.

Expanding the Platform’s Reach: From Visibility to Prioritization

The release of Transparency Platform 3.0 marks a significant leap in how organizations can manage and prioritize firmware vulnerabilities. The platform’s suite of features—ranging from real-time threat intelligence and exploitation maturity scoring to deep vulnerability analysis and post-quantum compliance—provides a comprehensive solution that goes beyond just visibility. It enables security teams to actively prioritize and address the most dangerous vulnerabilities based on what is actually happening in the wild, rather than relying on outdated or probabilistic risk models.

“We’ve built the Binarly Transparency Platform 3.0 to be the most actionable platform in the market,” Matrosov concluded. “It empowers enterprise security teams with real-time intelligence, clear remediation paths, and the ability to track vulnerabilities as they evolve. By combining deep binary analysis with live threat data, we’re giving security professionals the tools they need to protect their organizations from the ever-evolving threat landscape.”

With the launch of Transparency Platform 3.0, Binarly is reaffirming its commitment to helping organizations secure their firmware and software supply chains with the most up-to-date, actionable, and reliable intelligence available. As cybersecurity continues to evolve, Binarly’s continuous innovation ensures that its customers are always one step ahead in the battle against increasingly sophisticated threats.

About Binarly

Binarly is a U.S.-based firmware and software supply chain security company founded in 2021. The flagship Binarly Transparency Platform helps device manufacturers, OEMs and enterprise product security teams to detect vulnerabilities, misconfigurations, secrets, and malicious code in devices and software supply chains. Leveraging decades of research and program analysis expertise, we secure businesses, critical infrastructure, and consumers, while also assisting organizations in transitioning to a post-quantum cryptography (PQC) environment.
