The UK Department for Science, Innovation and Technology (DSIT) just published a report on supply chain risk management for open-source software (https://lnkd.in/euXDPb3H). They list four major weaknesses and five solutions. Here are the exciting ones for us:

1. Problem: A lack of a process for judging open-source trustworthiness.
2. Solution: SBOM + Continuous Monitoring + Tooling

We agree 100% - there's a true lack of process for measuring the trustworthiness of open-source software. We agree too that SBOMs, continuous monitoring, and tooling are very real and useful solutions to this problem. In fact, that's what we do, and that's why we created Bulletproof Trust. With Bulletproof Trust, you can securely upload, store, manage, and share your SBOM, monitor it continuously for risky and vulnerable packages, and receive deep threat intelligence with customized alerts automatically.

Interested in learning more? Just DM us. We can set you up with a live demo or free evaluation.

As this article on the DSIT report points out, "open-source software security is a shared responsibility between security teams, who create and curate trusted repositories with quality-oriented policies, and individual developers, who shouldn't have to make judgement calls on whether a particular package is okay to use." Let us help you share in that responsibility with SBOM management, continuous monitoring, and automated tooling for software supply chain risk management. We do it better than anyone.

#OpenSourceSoftware #SupplyChainRiskManagement #TrustInOpenSource
About us
Developing security, reliability, and trust in open source software.
- Website: https://www.darkskytechnology.com
- Industry: Software Development
- Company size: 2-10 employees
- Headquarters: Fort Collins, CO
- Type: Privately held
- Founded: 2021
- Specialties: Open Source Software Security, Software Supply Chain Security, Software Supply Chain Risk Management, SSCRM, SCRM, Software Bill of Materials, SBOM, OSINT, and Open Source Intelligence
Updates
-
Big big news from the Dark Sky. Dark Sky Technology
Big news for Dark Sky Technology!!!
-
We are incredibly excited to announce that our tech baby, our precious, our cyber supply chain security platform, Bulletproof Trust, has achieved "Awardable" status through the DoD Chief Digital and Artificial Intelligence Office (CDAO) Tradewinds Solutions Marketplace! The Tradewinds Solutions Marketplace is a digital repository of post-competition, readily awardable pitch videos that address the United States Department of Defense's most significant challenges in the Artificial Intelligence/Machine Learning (AI/ML), data, and analytics space. All awardable solutions have been assessed through complex scoring rubrics and competitive procedures and are available to Government customers with a Marketplace account. Government customers can create an account at www.tradewindai.com. Tradewinds is housed in the DoD's Chief Digital and Artificial Intelligence Office. We are honored to be recognized among a competitive field of applicants to the Tradewinds Solutions Marketplace whose solutions demonstrated innovation, scalability, and potential impact on DoD missions. Government customers interested in viewing the video solution can create a Tradewinds Solutions Marketplace account at tradewindAI.com. Read the full press announcement by clicking on the image below! #OpenSourceSecurity #SoftwareSupplyChainSecurity #CSCRM #TradewindsMarketplace
-
Finally. A Secure Home for SBOMs: Announcing Bulletproof Trust™ Leo and the New SBOM Vault™! So you've got an SBOM. Now what? Well... You probably need a way to store it securely, track its revisions, and validate it for compliance. You probably need others to have access, and you may need to tie it into your build pipeline. Oh, and when you're done with all that, you're gonna need to measure it for threats, vulnerabilities, and other risks. If only there was a single solution that did everything... Oh wait. That's what the latest release of Bulletproof Trust™ does! Bulletproof Trust (codenamed Leo) introduces the new SBOM Vault™, an incredibly simple and secure way to store, manage, share, validate, and analyze SBOMs. SBOM Vault streamlines SBOM management for security professionals, developers, and compliance teams from start to finish. It's the ultimate solution for securing your software supply chain and managing regulatory compliance for your systems and software. Read the rest of the release announcement by clicking the image below >> #SBOM #OpenSourceSecurity #CSCRM
-
We are so extremely saddened by the recent news of the tragic loss of a dear friend to all of us at Dark Sky, Jonathan Kline. Many of us worked with Jonathan at Pikewerks and Star Lab, where he brought *incredible* effort and expertise to bear on solving some of the most challenging cybersecurity and tampering problems in the DoD. His 20+ years of work in the field have protected countless systems that were and still are critical to the security of our nation. Jonathan showed us all what it is to pour yourself into your work and make a difference while at the same time getting the most out of life. We're gonna miss his intelligence, his sense of adventure, and his one-of-a-kind smile. Jonathan, may God bring your beautiful soul into his presence and peace and understanding to your family and friends. You will be greatly missed. Sincerely, The Dark Sky Technology Team
-
-
Check out this excellent interview by Carolyn Ford with Scott Orton and our very own Michael Mehlberg... SBOMs, AI, and Cross-Domain Solutions are all the rage nowadays, and these guys covered it all!
New Episode Alert! The latest episode of Tech Transforms is here, and it's a must-listen for anyone in secure software development, cybersecurity, or AI-driven innovation! I had the pleasure of sitting down with Owl Cyber Defense CEO Scott Orton and Dark Sky Technology CEO Michael Mehlberg to tackle some of the most pressing challenges in software security, including:
- The Power of SBOMs – Why transparency is key (and why some companies still resist it)
- Open-Source Software Risks – The hidden vulnerabilities in widely used code
- Rust Programming Language – Why it's the future of memory-safe, secure coding
- AI in Software Development – The role of AI in detecting and mitigating threats before they happen
- Cross-Domain Solutions – How we can move toward hygienic, secure networks
Oh, and we also discussed what alien-inspired AI might look like (think squids and insects). Scott and Mike brought brilliant insights into the evolving world of cybersecurity, and I guarantee this episode will leave you thinking differently about the way we approach software security. Listen now: https://lnkd.in/gJjmJ-J5 What's your biggest concern when it comes to secure software development? Let's discuss in the comments! #Cybersecurity #TechTransforms #SoftwareSecurity #AI #OpenSource
Production credits: Laura Klebanow
-
To be blunt, a software bill of materials (SBOM) can range from a powerful tool for cyber supply chain risk management to, well, practically worthless. Most SBOMs are barely valid, few meet minimum government requirements, and almost none are useful. Which is where this article comes in... You're about to see the four levels of SBOM quality:
1. bad, ugly, horrible, useless,
2. valid (but still useless),
3. one that meets minimum requirements (but is still useless), and
4. a fully operationalizable SBOM – the gold standard.
Read the full article by clicking on the image below, and share your thoughts (and disagreements) in the comments! #SBOM #OpenSourceSecurity #SoftwareAssurance
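As an added example (not code from the article above or from Dark Sky Technology's product), here is a small Python grader that sorts a CycloneDX JSON SBOM into tiers that mirror the post's four levels: unparseable or not CycloneDX, valid but incomplete, carrying every NTIA minimum element (supplier, component name, version, unique identifier, dependency relationship, SBOM author, timestamp), and operationalizable. The mapping of those elements onto CycloneDX fields, and the "purl plus hash on every component" test for the top tier, are this example's own assumptions rather than the article's rubric; the sample SBOMs are constructed and the digest is a placeholder.

```python
import copy
import json

# Tier definitions used by this example (an assumed mapping onto the post's
# four levels, not the article's own rubric):
#   0  not parseable, or not a CycloneDX document
#   1  valid CycloneDX but missing NTIA minimum elements
#   2  every NTIA minimum element present (supplier, name, version, unique
#      identifier, dependency relationship, author, timestamp)
#   3  operationalizable: every component also carries a purl and a hash,
#      so advisories can be matched and artefacts verified


def _missing_component_elements(comp: dict) -> list:
    """Return the NTIA per-component elements absent from one component."""
    missing = []
    if not comp.get("name"):
        missing.append("name")
    if not comp.get("version"):
        missing.append("version")
    supplier = comp.get("supplier") or {}
    if not (supplier.get("name") or comp.get("publisher")):
        missing.append("supplier")
    if not (comp.get("purl") or comp.get("cpe") or comp.get("bom-ref")):
        missing.append("unique identifier")
    return missing


def grade_sbom(text: str) -> tuple:
    """Grade a CycloneDX JSON document; returns (tier, findings)."""
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as exc:
        return 0, ["not JSON: " + exc.msg]
    if (not isinstance(bom, dict) or bom.get("bomFormat") != "CycloneDX"
            or "specVersion" not in bom):
        return 0, ["missing bomFormat/specVersion: not a CycloneDX document"]

    findings = []
    meta = bom.get("metadata") or {}
    if not meta.get("timestamp"):
        findings.append("metadata.timestamp missing")
    if not (meta.get("authors") or meta.get("tools")):
        findings.append("metadata.authors (SBOM author) missing")
    components = bom.get("components") or []
    if not components:
        findings.append("no components listed")
    for comp in components:
        for element in _missing_component_elements(comp):
            findings.append("component %s: %s missing"
                            % (comp.get("name", "?"), element))
    if not bom.get("dependencies"):
        findings.append("dependencies (relationship graph) missing")
    if findings:
        return 1, findings

    # Tier 3 requires data a scanner can act on for every component.
    for comp in components:
        if not (comp.get("purl") and comp.get("hashes")):
            return 2, ["component %s: purl or hashes missing, so scanners "
                       "cannot act on it" % comp["name"]]
    return 3, []


# Constructed sample SBOM (not a real inventory; the digest is a placeholder).
_COMPLETE = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "timestamp": "2025-01-15T10:00:00Z",
        "authors": [{"name": "example-build-pipeline"}],
        "component": {"type": "application", "bom-ref": "app",
                      "name": "example-app", "version": "1.0.0"},
    },
    "components": [{
        "type": "library",
        "bom-ref": "pkg:pypi/requests@2.31.0",
        "name": "requests",
        "version": "2.31.0",
        "supplier": {"name": "example supplier (constructed)"},
        "purl": "pkg:pypi/requests@2.31.0",
        "hashes": [{"alg": "SHA-256", "content": "00" * 32}],
    }],
    "dependencies": [{"ref": "app",
                      "dependsOn": ["pkg:pypi/requests@2.31.0"]}],
}
COMPLETE_SBOM = json.dumps(_COMPLETE)

# Same document with hashes stripped: meets the minimum, not operationalizable.
_minimum = copy.deepcopy(_COMPLETE)
for _comp in _minimum["components"]:
    del _comp["hashes"]
MINIMUM_ELEMENTS_SBOM = json.dumps(_minimum)

# Structurally CycloneDX, but a name-only component, no author, no timestamp.
BARE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5",
                        "components": [{"type": "library", "name": "requests"}]})

if __name__ == "__main__":
    for label, doc in [("bare", BARE_SBOM), ("minimum", MINIMUM_ELEMENTS_SBOM),
                       ("complete", COMPLETE_SBOM), ("garbage", "{not json")]:
        tier, findings = grade_sbom(doc)
        print(label, "-> tier", tier, findings)
```

The grader deliberately stops at the first tier a document fails, so the findings list tells a producer exactly which field to add next; in a pipeline, gating on tier 2 enforces the minimum elements while tier 3 is what a vulnerability matcher actually needs.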
-
Secure by Design and Secure by Default: You need both for AppSec. #SecureByDesign and #SecureByDefault are two essential approaches to boost application security - learn why you need both in this insightful article by John P. Mello Jr. from ReversingLabs (which quotes our own Michael Mehlberg from Dark Sky Technology)! https://lnkd.in/dvEmytbd
-
MITRE Software and Supply Chain Assurance Workshop tomorrow and Wednesday. We're stoked! Michael Mehlberg will be there flying the Dark Sky Technology flag. Anyone else attending? #SoftwareAssurance #SoftwareSupplyChain #SupplyChainSecurity
-
Don't worry, this is NOT another summary of Executive Order 14144... Everyone and their mother has already done that. This article is a look into what the outgoing administration's cybersecurity improvement plan means for the cyber supply chain risk management (C-SCRM) and software supply chain (SSP) community. If you're a vendor providing software to the US Government, or an agency concerned with what you're receiving from software vendors, read on -- this article breaks down what's coming, why you should care, and what you can do right now to square up with the new and upcoming regulations. Read "Executive Order 14144 Just Dropped: Here's What it Means for Your Software Supply Chain (and Why You Should Care)" (click the image below) >> #eo14144 #sbom #softwaresupplychain #supplychainsecurity #opensourcesecurity