The U.S. Department of Homeland Security’s Science and Technology Directorate (S&T) announced Friday that it was looking for Software Artifact Dependency Graph (ADG) Generation capabilities to understand risks within the software that powers cyber and physical infrastructure.
The solicitation will be administered by S&T’s Silicon Valley Innovation Program in partnership with DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and will provide selected companies with up to $1.7 million in funding over four phases to develop and adapt commercial technologies for homeland security usage. Officials said the purpose of the solicitation is to enhance the security, reliability and efficiency of the software people use every day.
Software ADGs help identify and track source code files incorporated into a piece of software, officials said. By enabling automatic visibility and verification of what goes into a piece of software, officials said they would be able to enhance software vulnerability management and ensure applications are safer and more stable. Ultimately, officials said, the ADGs would help reduce the risk of cyberattacks that can compromise users’ personal data and privacy.
“The challenge to accurately and reliably identify software is as old as software itself,” Aeva Black, CISA’s Section Chief for Open Source Software Security, said. “Scaling artifact dependency graph generation will improve open source ecosystems’ secure by design practices and empower network defenders to more easily and more accurately respond to emerging vulnerabilities.”
S&T officials said the solicitation seeks foundational open source capabilities for compiled languages, interpreted languages and packaging systems, as well as services that use the foundational capabilities to accelerate progress in the domains of software composition analysis and vulnerability management.
The deadline for application submission is 3 p.m. on Dec. 16, 2024.