Report #1 Recap

In Sophic Capital’s SBOMs Away!, we discussed security and privacy issues related to software development and shared recent significant cybersecurity events that exploited software vulnerabilities. Sophic Capital also introduced the growing global focus on software supply chain security, highlighting the vulnerabilities exposed by recent cyberattacks like SolarWinds, Log4Shell, and the XZ backdoor. We examined how modern software is increasingly built from open-source and third-party components—between 70% and 90% of software uses open-source and free elements. This type of design is prominent. Worse, 95% of software security weaknesses could originate from open-source tools.

To address this, regulators around the world are pushing Software Bills of Materials (SBOMs) as a baseline requirement for transparency and risk management. An SBOM is a formal inventory of all components in a software product—including open-source libraries, licenses, and known vulnerabilities. This visibility is now essential for compliance, risk mitigation, and operational resilience in an era of rising software complexity and escalating cyber threats.

In this report, we introduce Sophic Capital client Cybeats Technologies Corp. [CSE:CYBT, OTCQB:CYBCF], a global leader in software supply chain security. Cybeats is revolutionizing the handling of vulnerabilities from open-source and third-party software components—which make up over 80% of modern applications—by consolidating it onto a single platform. With real-time dynamic information across large organizations, Cybeats empowers customers to better identify cybersecurity risks within individual software components and automates the remediation process.

Industrial Software Is Under Threat

Power grids, water utilities, transport systems, and other critical infrastructure components increasingly rely on complex software stacks built with open-source and third-party components. This approach accelerates software development but can also obscure security gaps—especially in mission-critical environments where uptime and reliability are paramount.

SBOMs are becoming essential in industrial cybersecurity for surfacing deep, often-overlooked risks:

  • Legacy vulnerabilities in PLC firmware (software that operates close to the hardware level, typically on various printed circuit boards) frequently go undetected without full software inventories.
  • SCADA (software used to monitor and control industrial processes and equipment remotely) patch delays are common due to a lack of component-level visibility.
  • Compliance blind spots in grid-edge and energy management systems hinder audit readiness and threat response.

Cyberattacks on industrial systems aren’t just hypothetical. Nation-state actors and criminal groups have already targeted energy infrastructure using software supply chain entry points. The risk is escalating, and operators are under growing pressure to secure their software environments without compromising uptime or operational efficiency.

From Vulnerability to Accountability: The EU Cyber Resilience Shift

One of the most consequential frameworks affecting SBOM is the EU Cyber Resilience Act (CRA), adopted in early 2024. It mandates that software and hardware products with digital elements—especially those used in critical sectors—must meet strict security requirements throughout their lifecycle, including:

  • Mandatory SBOMs
  • Continuous vulnerability handling
  • Transparent software component disclosures

This shifts the burden of responsibility squarely onto manufacturers and software providers. The CRA marks a new era of accountability, where software transparency and security-by-design are no longer optional.

Introducing Cybeats: Managing Software Supply Chain Risk at Scale

Sophic Capital client Cybeats Technologies Corp. [CSE:CYBT, OTCQB:CYBCF] delivers robust software supply chain security solutions purpose-built for industrial and enterprise environments. Its platform delivers real-time visibility, compliance, and risk management through full SBOM lifecycle support. Rather than narrowly focusing on SBOM generation, Cybeats enables full SBOM lifecycle management—from creation and validation to monitoring and mitigation.

Cybeats’ core offerings include:

  • SBOM Studio: A centralized platform to manage, enrich, and distribute SBOMs, integrated with tools like Jira and now enhanced with automated VEX reports for prioritizing exploitable vulnerabilities.
  • SBOM Consumer: Designed for software users, this product validates and monitors third-party software for known risks and compliance gaps, with real-time alerting and threat context.
  • BCA Marketplace: A vendor-agnostic hub for fast, compliant SBOM generation, simplifying access to high-quality tools for teams with limited internal capacity.

Unlike many competitors that focus solely on SBOM generation, Cybeats provides complete visibility across stacks, toolchains, and business units—supporting proactive risk mitigation and enterprise-scale decision-making. And Cybeats’ solutions are resonating with major global enterprises that include Rockwell Automation [NYSE:ROK], Emerson Electric Co. [NYSE:EMR], and Schneider Electric [EPA:SU].

Competitive Snapshot

While several companies offer SBOM generation tools, few provide the full lifecycle management required by critical infrastructure. Cybeats stands out for its:

  • SBOM-agnostic architecture – integrates across all formats and generation tools.
  • End-to-end visibility – from development to deployment, across global teams.
  • Operational integration – built for the real-time demands of industrial environments.

This positions Cybeats as more than an SBOM generator—it’s a full software supply chain security platform purpose-built for sectors where uptime, trust, and resilience are non-negotiable. However, other companies providing SBOM solutions include:

  • Palo Alto Networks [NASDAQ:PANW] includes SBOM visibility within its broader cloud security suite (Prisma Cloud), helping organizations connect code and infrastructure risks.
  • Synopsys [NASDAQ:SNPS] offers comprehensive SBOM support with compliance and vulnerability scanning baked into the software development lifecycle.
  • Cybellum specializes in SBOMs for IoT and connected devices. Its platform maps vulnerabilities across device software and has raised significant capital. Cybellum was acquired by LG Electronics in September 2021 for approximately US$140 million.
  • Vdoo, acquired by JFrog (NASDAQ:FROG) for US$300 million, built SBOM tools focused on embedded and IoT devices, with smart filtering for relevant vulnerabilities.

Looking Ahead

The number of reported software vulnerabilities continues to grow year over year. In mission-critical sectors, proactive software transparency is no longer a luxury—it’s a requirement. As regulatory frameworks like the EU Cyber Resilience Act and industry-specific standards mature, Cybeats is emerging as a foundational partner for organizations seeking to strengthen their cyber posture across complex digital ecosystems.

Coming up…

In our next report, we’ll detail Cybeats Technologies Corp. [CSE:CYBT, OTCQB:CYBCF] customer adoption, pipeline and growth.

For More Research

Access more Cybeats Technologies Corp. research HERE

Sign up for Sophic Capital’s reports HERE

Disclosures

Cybeats Technologies Corp. [CSE:CYBT, OTCQB:CYBCF] has contracted Sophic Capital for capital markets advisory and investor relations services.

Disclaimers

The information and recommendations made available through our emails, newsletters, website and press releases (collectively referred to as the “Material”) by Sophic Capital Inc. (“Sophic” or “Company”) is for informational purposes only and shall not be used or construed as an offer to sell or be used as a solicitation of an offer to buy any services or securities. In accessing or consuming the Materials, you hereby acknowledge that any reliance upon any Materials shall be at your sole risk. None of the information provided in our monthly newsletter and emails or any other Material should be viewed as an invite, and/or induce or encourage any person to make any kind of investment decision. The recommendations and information provided in our Material are not tailored to the needs of particular persons and may not be appropriate for you depending on your financial position or investment goals or needs. You should apply your own judgment in making any use of the information provided in the Company’s Material, especially as the basis for any investment decisions. Securities or other investments referred to in the Materials may not be suitable for you and you should not make any kind of investment decision in relation to them without first obtaining independent investment advice from a qualified and registered investment advisor. You further agree that neither Sophic, its directors, officers, shareholders, employees, affiliates, consultants, and/or clients will be liable for any losses or liabilities that may be occasioned as a result of the information provided in any of the Material. By accessing Sophic’s website and signing up to receive the Company’s monthly newsletter or any other Material, you accept and agree to be bound by and comply with the terms and conditions set out herein. If you do not accept and agree to the terms, you should not use the Company’s website or accept the terms and conditions associated to the newsletter signup.
Sophic is not registered as an adviser or dealer under the securities legislation of any jurisdiction of Canada or elsewhere and provides Material on behalf of its clients pursuant to an exemption from the registration requirements that is available in respect of generic advice. In no event will Sophic be responsible or liable to you or any other party for any damages of any kind arising out of or relating to the use of, misuse of and/or inability to use the Company’s website or Material. The information is directed only at persons resident in Canada. The Company’s Material or the information provided in the Material shall not in any form constitute as an offer or solicitation to anyone in the United States of America or any jurisdiction where such offer or solicitation is not authorized or to any person to whom it is unlawful to make such a solicitation. If you choose to access Sophic’s website and/or have signed up to receive the Company’s monthly newsletter or any other Material, you acknowledge that the information in the Material is intended for use by persons resident in Canada only. Sophic is not an investment advisor, nor does it maintain any registrations as such, and Material provided by Sophic shall not be used to make investment decisions. Information provided in the Company’s Material is often opinionated and should be considered for information purposes only. No stock exchange or securities regulatory authority anywhere has approved or disapproved of the information contained herein. There is no express or implied solicitation to buy or sell securities. Sophic and/or its principals and employees may have positions in the stocks mentioned in the Company’s Material and may trade in the stocks mentioned in the Material. Do not consider buying or selling any stock without conducting your own due diligence and/or without obtaining independent investment advice from a qualified and registered investment advisor. 
The Company has not independently verified any of the data from third party sources referred to in the Material, including information provided by Sophic clients that are the subject of the report, or ascertained the underlying assumptions relied upon by such sources. The Company does not assume any responsibility for the accuracy or completeness of this information or for any failure by any such other persons to disclose events which may have occurred or may affect the significance or accuracy of any such information.

The Material may contain forward-looking information. Forward-looking statements are frequently, but not always, identified by words such as “expects,” “anticipates,” “believes,” “intends,” “estimates,” “potential,” “possible,” “projects,” “plans,” and similar expressions, or statements that events, conditions or results “will,” “may,” “could,” or “should” occur or be achieved or their negatives or other comparable words and include, without limitation, statements regarding projected revenue, income or earnings or other results of operations, strategy, plans, objectives, goals and targets, plans to increase market share or with respect to anticipated performance compared to competitors, product development and adoption by potential customers. These statements relate to future events and future performance. Forward-looking statements are based on opinions and assumptions as of the date made and are subject to a variety of risks and other factors that could cause actual events/results to differ materially from these forward-looking statements. There can be no assurance that such expectations will prove to be correct; these statements are no guarantee of future performance and involve known and unknown risks, uncertainties and other factors. Sophic provides no assurance as to future results, performance, or achievements and no representations are made that actual results achieved will be as indicated in the forward-looking information. Nothing herein can be assumed or predicted, and you are strongly encouraged to learn more and seek independent advice before relying on any information presented.