Capability Exchange


Preparing for
Pre-launch registration is now open to all vendors!

A Foundation For

Evidence Based Security

Welcome to the Capability Exchange - an open platform designed to facilitate connection, communication, and collaboration between security vendors and consumers in the cyber security market. Empowering vendors to demonstrate the capabilities of their security solutions in quantifiable terms, focusing on how these solutions
address threats faced by consumers.

The goal of the Capability Exchange is to empower consumers with a clear quantifiable understanding of what security solutions do, enabling them to make informed decisions that best serve their cyber security needs. It's more than just a marketplace; it's an interactive platform that bridges the gap between security vendors and customers.

So What?

As a vendor by participating in the Capability Exchange, you tap into marketplace backed by over $1B in cyber security buying power. You gain access to advanced tools for deep-dive mapping of your products against frameworks such as NIST, MTIRE ATT&CK, PBOM and the Cyber Defense Matrix facilitating an unmatched showcase of your solutions, both privately empowering sales engagements and optionally publicly on the exchange.

As a consumer, it will bring clarity to your cyber security buying experience. You obtain a precise, itemized bill of necessary products and features, tailored to meet specific security needs, making decision-making, deployment and adoption straightforward and efficient.

How is this Different?

Designed to facilitate even the most extensive security vendor portfolios. The Capability Exchange supports multiple products per vendor and multiple features per product. Features and products can be bundled to represent tiers, packages and variations in offerings.

Uses a purpose-built Capability Description Model to quantify security capability, translating simple and complex product portfolios at feature level into a bill of materials needed to counter adversary techniques.

Offers extensive security taxonomies, product types, and frameworks for product portfolio alignment, with native support for frameworks like the Cyber Defense Matrix for effortless classification across security functions and asset classes.

Employs both Human and AI auditing to ensure accuracy and confidence of information published from vendors into the Capability Exchange. Information is quantifiable enabling customer validation and evidencing.

Vendor Portal

Featuring a purpose-built Vendor Portal with support for Federated Identity, enabling streamlined management of product and feature portfolios across teams and stakeholders. Includes fine-grain policy management for segregation of portfolio management and publishing.

Profile Management

Offers extensive profile management for displaying certifications, images, and company information to consumers. Backed by fully indexed and vectorized search, profiles can be located based on context and customer requirements.

Capability Mapping

Featuring an advanced mapping tool that ties product portfolios to frameworks like MITRE ATT&CK, ICS, Mobile, and PBOM at a feature level. Equipped with a migration assistant for easy updates and filtering on products, features and threats. Product portfolios can be tailored to customer threat profiles enhancing sales engagements.

Extensive API

The Capability Exchange is extensible, with a compressive API documented with the OpenAPI standard. Vendors can pragmatically update and maintain product portfolios and capability mappings, keeping offerings current and accessible.