The U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA) detailed the benefits of a collaboration addressing software vulnerabilities.
The effort is significant because software weaknesses are a prime detriment to critical infrastructure systems. Cyber attacks can result in outages or safety and life-critical systems damage.
S&T’s Silicon Valley Innovation Program (SVIP) is seeking technical capabilities to help CISA secure the digital frameworks individuals and organizations rely on for essential services.
“DHS is committed to working with industry to develop tools and technologies that provide visibility into the software supply chain,”
SVIP Managing Director Melissa Oh said. “This topic call highlights core capabilities that will help bring transparency into the digital building blocks used by organizations in both their business operations and in their cyber defenses.”
The agencies are seeking technology bolstering the assurance of the software supply chain essential to protecting software and software-controlled systems.
“Vulnerabilities in software are a key risk in cybersecurity, with known exploits being a primary path for bad actors to inflict a range of harms,” CISA Senior Advisor and Strategist Allan Friedman said. “By leveraging SBOMs as key elements of software security, we can mitigate the risk to the software supply chain and respond to new risks faster and more efficiently.”