#Japan #Tokyo #SBOM #Cybertrust #Insignary

Cybertrust and Insignary Join Forces for Enhanced Vulnerability Management

Cybertrust Inc., located in Minato, Tokyo, has announced a promising partnership with Insignary Inc., based in Toronto, Ontario, Canada, to develop a robust operation model for vulnerability management closely tied to the Cyber Resilience Act (CRA) coming into effect in Europe. As manufacturers race against the clock to comply with CRA’s requirements, the two companies have committed to integrating their technological strengths to provide a comprehensive solution called "MIRACLE Vul Hammer with Clarity."

The urgency stems from the imminent implementation of Article 14 of the CRA, which mandates manufacturers to report vulnerabilities starting from September 11, 2026. As companies exporting products to Europe or supplying components face impending regulations, there is a growing need for effective vulnerability management and Software Bill of Materials (SBOM) implementation. Currently, many of the leading SBOM generation tools available in Japan rely on software package managers, making it increasingly challenging to produce SBOM when only binaries are supplied through the supply chain.

Insignary has carved out a niche in this space with its proprietary software composition analysis (SCA) solution, "Insignary Clarity," capable of generating SBOM directly from binary files and facilitating the management of vulnerabilities and licenses in open-source software (OSS). In this partnership, Cybertrust’s vulnerability management tool, "MIRACLE Vul Hammer," will be seamlessly integrated with Insignary Clarity to facilitate the generation of SBOMs compatible with various development environments. This integration allows for SBOM import and vulnerability scanning, creating a one-stop solution for developers navigating complex compliance landscapes.

Key Features of the Partnership

The resulting solution, "MIRACLE Vul Hammer with Clarity," boasts several features that streamline vulnerability management from development through operations:

• - SBOM Generation: Using source and binary analysis with Insignary Clarity, SBOMs in SPDX and CycloneDX formats can be produced efficiently.
• - Centralized Vulnerability Management: Diverse SBOMs and configuration data, spanning from operating systems to applications, can be imported into MIRACLE Vul Hammer for centralized vulnerability oversight.
• - Prioritization and Evaluation: The solution aids in correlating vulnerability information, determining the scope of impact, and establishing evaluation and response priorities.
• - Timely Notifications: Results from vulnerability scans can be emailed to users, enabling quicker understanding and resolution of identified issues.
• - Efficiency in CRA Compliance: Output of SBOMs and vulnerability reports significantly accelerates compliance reporting for CRA.

Proof of Concept Details

The companies will commence accepting applications for a limited Proof of Concept (PoC) starting from October 16 until December 26, 2025. This PoC is available for the first 20 applicants on a first-come, first-served basis, with specific inquiries about costs required to participate. The official launch of the full product is slated for January 23, 2026.

As Europe gears up for the full enforcement of CRA beginning December 11, 2027, Cybertrust aims to leverage this strategic partnership to provide manufacturers not only with the tools they need to generate SBOMs and manage vulnerabilities but also to ensure compliance with the forthcoming regulations. The collaboration fills a significant gap in the current offerings and will empower a wide range of software supply chains.

Through this innovative integration of their respective technologies and expertise, Cybertrust and Insignary are set to pave the way toward a future where compliance and security coexist in harmony. As Cybertrust reinforces its commitment to providing trustworthy IT services, this partnership opens new avenues to support the pressing needs of the global manufacturing sector.

About Cybertrust Inc.

Founded in 2000, Cybertrust is known for being the first commercial electronic certification authority in Japan, leveraging its security technology and trust services to deliver platforms for on-premises, cloud, and embedded environments.

For more information on the collaboration and the new solution, please visit here.