SANTA MONICA, Calif.: Binarly, a leading firmware and software supply chain security company, today announced the rollout of its flagship Binarly Transparency Platform 3.0, a major update that fuses live threat‑intelligence signals with an exploitation‑aware scoring system to help enterprise teams prioritize the mitigation of vulnerabilities with the most immediate risk.

The release introduces Threat Intelligence Monitoring, a service that tracks public proof‑of‑concept code, ransomware activity, and private telemetry to flag actively exploited flaws the moment they surface. These signals feed a new Exploitation Maturity Score (EMS) that replaces probabilistic models with evidence‑based weighting, giving defenders a clear, continuously updated view of true risk.

The company’s research team built EMS to measure the present rather than guess the future; historical shifts in the score are charted inside the dashboard so security owners can watch risks rise or recede as exploits mature, proof‑of‑concept code stabilizes, or a vulnerability lands in CISA’s KEV (Known Exploited Vulnerabilities) catalog.

Because the monitoring stack is developed and curated in‑house, intelligence updates flow to customer consoles without delay.

“Security teams are tired of probabilistic risk scores that read like weather forecasts,” said Alex Matrosov, Binarly’s CEO and Head of Research. “EMS puts hard evidence on the table with live data on exploit code, ransomware payloads, and breach telemetry so our customers can see, in real time, which vulnerabilities are being weaponized.”

The Binarly Transparency Platform refresh also debuts Auto‑Advisories and VEX generation to streamline coordinated disclosure when a customer uses the platform to discover new issues in third‑party code, as well as the first wave of Global Search, a cross‑inventory query engine that pulls answers from every product, component, and artifact in seconds.

The feature list also includes new export options to simplify hand‑offs to engineering and audit teams, while purpose‑built Post‑Quantum Compliance and Secure‑by‑Design reports translate deep binary analysis into board‑level action plans.

“Our goal with every release is to take noise off the dashboard and put the right signals around what matters,” Matrosov added. “By linking binary‑level analysis with real‑time intel and clear remediation paths, the platform lets enterprise security teams spend less time sorting data and more time fixing what keeps them up at night,” Matrosov added.

Under the hood, Binarly has upgraded its code‑analysis engine with smarter handling of stubs and fix‑ups, clearer evidence paths for unknown vulnerabilities, and an expanded library of Deep Vulnerability Analysis (DVA) checkers focused on UEFI input‑validation flaws.

The update also adds detection logic for abnormal PE parsing in firmware modules, a microcode‑specific vulnerability checker, compiler‑and‑build metadata extraction for stronger SBOM validation, cryptographic artifact discovery, and a secret‑detection workflow that now auto‑validates potential credentials to cut false positives.

The latest release builds on existing technologies providing reachability analysis, post‑quantum migration tooling, and RBAC collaboration features, extending the platform’s reach from visibility to prioritization defined by what is happening in the wild.

About Binarly

Binarly is a U.S.-based firmware and software supply chain security company founded in 2021. The flagship Binarly Transparency Platform helps device manufacturers, OEMs and enterprise product security teams to detect vulnerabilities, misconfigurations, secrets, and malicious code in devices and software supply chains. Leveraging decades of research and program analysis expertise, we secure businesses, critical infrastructure, and consumers, while also assisting organizations in transitioning to a post-quantum cryptography (PQC) environment.

For more information, visit https://binarly.io

Fonte: Business Wire