Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
aDolus’s FACT platform is positioned as a software and firmware supply chain security validation solution. Its core goal is to quickly determine whether files, software updates, or firmware packages can be trusted. It decomposes files and hidden subcomponents, generates enhanced SBOMs, and combines malware scanning, certificate-chain validation, vulnerability database correlation, and vendor intelligence to produce a FACT Trust Score. This score can support security policies, allowlists, audits, and installation decisions.
In terms of protection coverage, FACT addresses supply chain risk identification, SBOM, VEX, vulnerability management, malware detection, code-signing verification, and vendor discovery. The site explicitly states that it can generate NTIA-compliant SBOMs and supports SPDX JSON v2.3, SPDX Tag/Value v2.2, and CycloneDX v1.4. VEX documents help distinguish genuinely exploitable vulnerabilities from issues that can be safely deprioritized. For vulnerability management, the platform continuously monitors NVD, vendor websites, and other online sources, and uses ML/NLP to resolve matching challenges caused by inconsistent naming, versions, and descriptions. Malware detection integrates VirusTotal, Nextron, and YARA rules, with an emphasis on reducing false positives through cross-analysis.
The website does not disclose specific pricing, plans, trials, deployment options, or data residency details. It only provides entry points to Get a Demo and contact the technical team. Before procurement, buyers should confirm whether the product is SaaS, self-hosted, or hybrid; whether it supports offline OT environments; and whether licensing is based on files, assets, product lines, or organization size.
Its strengths are its broad end-to-end coverage, making it especially suitable for OT/ICS, firmware, and legacy software scenarios. It can generate SBOMs from binaries, which is useful when source code is unavailable. The Trust Score, CVSS, and AI confidence indicators also help prioritize vulnerabilities. The main limitations are opaque pricing and deployment information, and the lack of disclosed security certifications such as SOC 2 or ISO. In addition, AI-based correlation results still require security teams to validate exploitability in the context of their own business environment.
FACT is best suited for critical infrastructure operators, OT asset owners, software/firmware vendors, security managers, and product managers. Typical use cases include validating software updates before release, investigating Log4j-style incidents, preparing VEX/VDR disclosures, and managing supplier compliance. The source text does not provide details on access from China. We recommend testing the official website, Demo process, payment, and contracting workflow directly. If access, cross-border data transfer, or local compliance requirements are constrained, buyers should also evaluate domestic alternatives for software supply chain security, SBOM, and vulnerability management.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on adolus.com official site.
adolus.com is an Canada Cybersecurity provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Unknown. Click "Visit Official Site" to reach adolus.com directly.