Scribe Security, an Israel-based software supply chain security provider, announced it has been chosen by the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to develop the tools that support the wide availability of trustworthy Software Bill of Materials (SBOM) that can enable stakeholder visibility into software supply chains and new risk assessment capabilities.
In partnership with the Cybersecurity and Infrastructure Security Agency (CISA), SVIP's topic call aims to address SBOMs, software vulnerability and software provenance—key components of critical infrastructure systems—on the journey to improve national resilience to cyber attacks.
“As a vital component of critical infrastructure systems, software plays an essential role in the day-to-day operation of individuals and organizations. Mission-critical software is prone to attacks that can cause service outages or damage to physical infrastructure—and critical systems. Software and software-controlled systems must be protected by strengthening the resilience of the software supply chain,” said the company in a statement.
“To build a high-assurance supply chain, transparency is essential, allowing answers to questions such as: What software components are in the system? What is their true origin? What are the vulnerabilities and other security aspects associated with them? Are those components dependent on other software? And how can we automate the exchange of this information among software producers and consumers?”
Scribe describes its end-to-end, software security solution as evidence-driven, which allows transparency, control, and trust for all stakeholders—software producers, and consumers. Accrding to the company, the solution provides continuous assurance for the security of software artifacts by validating the development processes and integrity of code components as a measure of explicit trust that can be shared between software producers and consumers.
"The leading role that DHS took upon themselves to enhance their nation's resilience to supply chain attacks and the rising trend of cyber attacks directed at the software supply chain are both factors that are driving a trend for change right now," said Rubi Arbel, Scribe Security Co-founder, and CEO.
"We are honored to receive this vote of confidence in Scribe's technology and vision and look forward to helping DHS develop evidence-based continuous code security assurance technologies that can attest to the trustworthiness of software and its components throughout its entire life cycle."
The Software Bill of Materials is a formal, machine-readable inventory of software components and dependencies, as well as their hierarchical relationships. Software supply chain transparency and new risk assessment capabilities can be facilitated by tools such as Scribe Security that support the wide availability of trustworthy SBOMs.