Device Authority and Intercede distribute SBOMs using RKVST SBOM Hub
RKVST SBOM Hub makes it easy to build supply chain transparency with zero trust fabric
Infosecurity Europe, London and Cambridge UK – June 21, 2022: Zero Trust fabric provider, RKVST announces that its SBOM Hub is being used by Device Authority and Intercede to list and distribute their Software Bills of Materials (SBOMs) meeting the foundational requirements of the US cybersecurity Executive Order 14028, improving the security of software cyber supply chains with zero trust.
An SBOM provides an inventory of all the software components in a particular application, creating essential visibility into the software supply chain. Yet this information also needs to be easily discovered and accessible to authorized security and compliance stakeholders. RKVST SBOM Hub is a free cloud service that makes it easy to discover, store and distribute SBOMs and allows suppliers and consumers alike to search for publicly discoverable SBOMs and find privately shared SBOMs.
SBOMs matter because they help organizations ensure that the software and applications they use are auditable, up-to-date and patched against known security vulnerabilities. Beyond complying with the recent Executive Order related to cybersecurity, actively using an auditable SBOM is an essential pillar of zero trust in the software supply chain. The success of SBOMs, however, rests on enabling software suppliers and consumers to each use their preferred tools and to distribute and share their SBOMs through APIs. RKVST SBOM Hub makes it easy to deliver verifiable trust in data exchanges while enabling business users with no-code controls to govern data privacy, distribution and transparency.
Robert Dobson, VP Technology Partners at Device Authority said:
As a provider of critical software, suppling identity lifecycle management and zero trust capabilities for IoT, we must comply with the SBOM mandate and distribute or make available our SBOM. Our KeyScaler™ IoT Security Platform can be used to enhance the consumption of SBOMs, enforcing a zero trust and remediation model to manage and mitigate risk into critical supply chains. RKVST delivers both use cases with a simple API integration.
Allen Storey, Chief Product Officer at Intercede said:
“Our customers are asking for the SBOM of MyID to comply with the US Executive Order. Emailing ZIP files of SBOMs is a job neither we nor our customers want, especially considering we’re one of many critical software suppliers. RKVST is the trustworthy scalable platform that enables our customers to integrate with whichever tools they prefer and is open to all other software suppliers who need to distribute their SBOMs.”
Our customers are asking for SBOMs to comply with the US Executive Order. Emailing ZIP files of SBOMs is a job neither we nor our customers want, especially considering we’re one of many critical software suppliers. RKVST is the trustworthy scalable platform that enables our customers to integrate with whichever tools they prefer and is open to all other software suppliers who need to distribute their SBOMs.
Rob Brown, vice president business development at RKVST said:
“The Executive Order calls for Zero Trust and SBOMs bring the vital transparency needed to verify trustworthiness in the cyber supply chain. Continuous automated transfer of SBOMs within producers’ and consumers’ preferred tools such as Software Composition Analysis (SCA) and Security Orchestration and Automated Response (SOAR) is an approach that scales successfully. RKVST SBOM Hub has the APIs that deliver the right data to the right place to drive the right decisions, so all can verify then bridge the trust gap.”
For more information, please visit RKVST SBOM Hub
If you’re visiting Infosecurity Europe 2022, ExCel, London 21-23 June, you can see RKVST SBOM Hub in use on the RKVST stand L115.
RKVST is also speaking at Infosecurity Europe as follows:
Tuesday, 21 June, 14:30-14:45, Innovation Showcase – Bridging the Trust Gap, Jon Geater
Wednesday, 22 June, 12:00-12:15, Innovation Showcase – Partner to Bridge the Trust Gap, Rob Brown
Thursday, 23 June, 12:00-13:00, N80 – Infosecurity Magazine panel discussion Quantum and Cyber