CIQ and Binarly Partner to Deliver Binary and Firmware-Level Security for Enterprise Linux

Partnership extends supply chain transparency to the infrastructure layer that auditors and adversaries both know OS hardening cannot reach

RENO, Nev., May 26, 2026 — CIQ, the founding commercial sponsor of Rocky Linux and provider of enterprise infrastructure solutions, today announced a strategic partnership with Binarly, the company behind the Transparency Platform for software supply chain security, to extend binary-level analysis and firmware vulnerability detection into Enterprise Linux environments.

Binarly's Transparency Platform performs deep binary analysis of firmware, boot components, baseboard management controllers (BMCs) and vendor-supplied binaries without requiring source code, surfacing vulnerabilities that exist beneath the operating system and outside the reach of standard package scanning and CVE management tools. Paired with CIQ's commercially supported, hardened Enterprise Linux platform, customers gain a single path to infrastructure assurance that spans the OS and the layers beneath it.

The partnership also strengthens audit posture and supply chain documentation. CIQ contributes OS-level compliance evidence and FIPS 140-3 validated components through RLC Pro (Rocky Linux from CIQ Pro). Binarly adds binary and firmware analysis, SBOM generation and full dependency mapping, including transitive dependencies, giving security teams the evidence required to demonstrate supply chain diligence to auditors and regulators.

Remediation gains structure from the integration as well. Binarly's platform identifies and prioritizes binary-level risks with actionable context and remediation guidance that extends beyond traditional vulnerability scanning. Combined with CIQ's enterprise support model, that context becomes a structured remediation workflow for organizations managing production infrastructure at scale.

"Organizations that need to control their infrastructure cannot afford blind spots below the OS," said Bjorn Hovland, president of CIQ. "The Binarly partnership closes the gap between what OS hardening delivers and what supply chain assurance actually requires and backs it with the support model to move from finding to fix in production."

"What excites me about this partnership is that it turns visibility into action," said Gwen Castro, CEO of Binarly. "Binarly surfaces what's hiding beneath the OS, prioritizes it and delivers actionable remediation guidance. CIQ provides the enterprise support model to put that into action at scale. Together we're giving enterprises a path to act on firmware and binary risk that the industry has understood for years but never been able to operationalize."

The partnership is in active development, with integration milestones planned across the CIQ product portfolio. Additional details on availability will be announced as the program matures.

About CIQ
CIQ is the founding support and services partner for Rocky Linux and a leading provider of enterprise Linux infrastructure. CIQ delivers commercially supported Linux offerings, high-performance computing solutions and AI infrastructure to enterprises, government agencies, research institutions and supercomputing centers worldwide. CIQ's products include the Rocky Linux from CIQ (RLC Pro) family of operating systems, Ascender Pro for IT automation, Fuzzball job-based container orchestration, Warewulf cluster provisioning and Apptainer, the leading container system for high-performance computing. For more information, visit ciq.com.

About Binarly
Binarly is a supply chain security company whose Transparency Platform detects firmware, binary, and dependency risks across enterprise and embedded environments. The platform performs binary-level analysis without requiring source code, enabling organizations to identify supply chain vulnerabilities that standard scanning tools miss. Binarly not only helps enterprises operationalize these insights into frictionless workflows, but also assists in guiding the remediation of these high-impact vulnerabilities. This keeps enterprises both resilient against current threats and fully prepared for the future, including post-quantum cryptographic readiness. Learn more at binarly.io.

MEDIA CONTACT:
Cristin Connelly
Cathey.co for CIQ
cristin@cathey.co