The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced seven awardees from the “Software Supply Chain Visibility Tools” topic call, which sought innovative technologies to provide software bill of materials (SBOM)-based capabilities for stakeholders within the enterprise, system administrator, and software development communities. S&T’s Silicon Valley Innovation Program (SVIP) issued the solicitation, seeking open-source-based technical solutions that provide the transparency needed to form the foundation of a high-assurance software supply chain, and that enable visibility into software supply chains and new risk assessment capabilities serving the mission needs of DHS components and programs, including the Cybersecurity and Infrastructure Security Agency (CISA).
“To defend against the increasing number of software attacks, it’s critical to utilize innovative tools that create a more transparent software supply chain,” said Melissa Oh, SVIP Managing Director. “DHS is tapping into the startup community to develop technology that will shine a light on risks within supply chains and bolster the overall cybersecurity of organizations.”
The seven awardees will work as a cohort to develop two core software modules, a multi-format SBOM translator and a software component identifier translator, to be delivered as open-source libraries which, in turn, will be integrated with their SBOM-enabled commercial products.
“Vulnerabilities in software are a key risk in cybersecurity, with known exploits being a primary path for bad actors to inflict a range of harms. By leveraging SBOMs as key elements of software security, we can mitigate the risk to the software supply chain and respond to new risks faster, and more efficiently,” said Allan Friedman, CISA Senior Advisor and Strategist. “A thriving ecosystem for SBOM tools and solutions will be key to shaping a more transparent software-driven world.”
S&T awarded Phase 1 Other Transaction Awards to seven companies: AppCensus, Inc., Chainguard, Inc., Deepbits Technology, Inc., Manifest Cyber, Inc., Scribe Security, TestifySec, LLC, and Veramine, Inc. Through a competitive process, these awardees presented innovative solutions that have the potential to provide immediate impacts to the cybersecurity market:
- DHS S&T awarded $199,800 to AppCensus, Inc., an El Cerrito, California-based company, to add to its existing platform by mapping vulnerabilities to software development kit (SDK) behavior. AppCensus will also provide a means to visualize that data and incorporate the results into SBOM reporting and common tooling and practice for IT professionals within enterprises. AppCensus’ solution focuses on mobile applications and analyzes SDKs.
- DHS S&T awarded $200,000 to Chainguard, Inc., a Kirkland, Washington-based company, to create an SBOM composition tool by developing the conceptual schema of how to join SBOMs. Chainguard will also create test suites of both individual and combined SBOMs.
- DHS S&T awarded $198,620 to Deepbits Technology, Inc., a Riverside, California-based company, to design, build, and test its software as a service (SaaS) SBOM generation tool.
- DHS S&T awarded $190,480 to Manifest Cyber, Inc., a Westport, Connecticut-based company, to further mature their existing SBOM management platform to support automating ticketing responses to Security Event and Incident Management (SEIM) systems and building support for eventual integration with commonly used asset management tools.
- DHS S&T awarded $197,960 to Scribe Security, a Tel Aviv, Israel-based company, to adapt its existing platform to further develop two of its core technology tools used for the generation of SBOMs and extend its platform to provide unique vulnerability information and insights.
- DHS S&T awarded $199,990 to TestifySec, LLC, a Jasper, Alabama-based company, to continue to develop its existing technology platform to support SBOM generation in a DevOps pipeline, and to extend a policy engine and an admission controller to support the evaluation of SBOM and non-containerized systems.
- DHS S&T awarded $199,800 to Veramine, Inc., a Bothell, Washington-based company, to enhance its endpoint detection and response capabilities to collect SBOM information and provide additional vulnerability analysis and visualization of the data.