The U.S. Department of Homeland Security Provides Award to Scribe Security through their 'Software Supply Chain Visibility Tools' Topic Call
Scribe Security Funded by the U.S. Department of Homeland Security to develop novel software supply chain technologies
TEL AVIV, Israel, May 30, 2023 /PRNewswire/ -- Scribe Security, a software supply chain security provider, announced today it has been chosen by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) Silicon Valley Innovation Program (SVIP) to develop the tools that support the wide availability of trustworthy Software Bill of Materials (SBOM) that can enable stakeholder visibility into software supply chains and new risk assessment capabilities.
In partnership with the Cybersecurity and Infrastructure Security Agency (CISA), SVIP's topic call aims to address SBOMs, software vulnerability and software provenance—key components of critical infrastructure systems—on the journey to improve national resilience to cyber attacks.
As a vital component of critical infrastructure systems, software plays an essential role in the day-to-day operation of individuals and organizations. Mission-critical software is prone to attacks that can cause service outages or damage to physical infrastructure and critical systems. Software and software-controlled systems must be protected by strengthening the resilience of the software supply chain. To build a high-assurance supply chain, transparency is essential, allowing answers to questions such as: What software components are in the system? What is their true origin? What are the vulnerabilities and other security aspects associated with them? Are those components dependent on other software? And how can we automate the exchange of this information among software producers and consumers?
Scribe secures software supply chains by providing an evidence-driven end-to-end solution that allows transparency, control, and trust for all stakeholders: software producers and consumers. The solution provides continuous assurance for the security of software artifacts by validating the development processes and integrity of code components as a measure of explicit trust that can be shared between software producers and consumers. In addition to generating an SBOM for every build, Scribe also collects and signs evidence of its level of security. Producers can retain this SBOM and the attestation for the security level and share them with stakeholders. Scribe continuously tracks newly published intelligence such as advisories and open-source scorecards about the SBOM components. With Scribe, software producers can address these findings and communicate de facto risks associated with published vulnerabilities, utilizing the Vulnerability Exploitability eXchange (VEX) standard.
"The leading role that DHS took upon themselves to enhance their nation's resilience to supply chain attacks and the rising trend of cyber attacks directed at the software supply chain are both factors that are driving a trend for change right now," said Rubi Arbel, Scribe Security Co-founder, and CEO. "We are honored to receive this vote of confidence in Scribe's technology and vision and look forward to helping DHS develop evidence-based continuous code security assurance technologies that can attest to the trustworthiness of software and its components throughout its entire life cycle."
The Software Bill of Materials is a formal, machine-readable inventory of software components and dependencies, as well as their hierarchical relationships. Software supply chain transparency and new risk assessment capabilities can be facilitated by tools such as Scribe Security that support the wide availability of trustworthy SBOMs.
Scribe Security was founded by cyber security and cryptography veterans on a mission to build and provide an evidence-driven end-to-end software supply chain security solution.
Their extensive expertise was harnessed to create a platform that leverages leading concepts and frameworks to deliver uncompromising security to code artifacts from production to delivery throughout the entire software lifecycle.
Scribe Trust Hub is a comprehensive Software Supply Chain Security SaaS solution providing transparency, control, and trust for both software producers and consumers. Scribe's evidence-based security hub supports workflows for sharing SBOMs, vulnerabilities, code integrity, compliance, and other security aspects of software across or within enterprises. This makes software products more secure and trusted by security teams and software consumers. For more information, visit https://scribesecurity.com/
Note: Research reported in this press release was supported by the Department of Homeland Security Science and Technology Directorate under Award Number 70RSAT23T00000017. The content is solely the responsibility of the authors and does not necessarily represent the official views of the Department of Homeland Security.
Media Contact:
Lilach Bar-Tal
SOURCE Scribe Security