
Tacit unifies software supply chain security through structured vulnerability management.

Tacit is a SaaS platform that helps software vendors manage, qualify, and communicate product vulnerabilities across their supply chain.

For software vendors, Tacit provides a dynamic and auditable knowledge base of vulnerabilities affecting their products, enriched with version-level context, SBOM inventory, and OpenVEX-based triage. It simplifies secure sharing of this information in a standardized format with internal teams, partners, and buyers, supporting compliance with NIS2 and the Cyber Resilience Act.

For software buyers and end-users, Tacit becomes the control layer for contractual and legal notification obligations. It reduces operational noise by consolidating false positives declared by vendors, enables real-time notifications, and provides an AI-powered chatbot for natural language queries on vulnerability history.

Key features include: versioned SBOM inventory with continuous scanning, OpenVEX-based triage and contextual qualification, a Security Status Page per product, real-time alerts (email/SMS), granular access control, and integrations with NVD, GHSA, and RHSA.