DataTribe – a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies – recently announced a $2 million seed investment in Vigilant Ops, a leading automation platform for the generation, maintenance, and authenticated sharing of certified Software Bills of Materials (SBOMs). Vigilant Ops (winner of the 6th annual DataTribe Challenge in November) provides continuous vulnerability monitoring and alerting, security patch notifications, and the ability to upload SBOMs – lists of the software libraries embedded in products – from alternate sources.
Federal government policymakers and regulators are keenly focused on software security and have highlighted the role of SBOMs in creating a secure and resilient software ecosystem. In 2021, the Biden Administration’s National Security Strategy and Executive Order 14028 required SBOMs from organizations to secure the components of software products used to manage our nation’s most vital interests. In the past 2+ years, SBOM mandates and guidance have been issued by the Federal Drug Administration (FDA), Federal Energy Regulatory Commission (FERC), Cybersecurity Infrastructure Security Agency (CISA), National Security Agency (NSA), and Office of the Director of National Intelligence (ODNI), just to name a few.
Vigilant Ops will use the funding to expand the capabilities of its InSight platform across multiple critical infrastructure industries. The company, which has focused primarily on the healthcare sector, will continue to build a complete inventory of software components recognized by legislation and regulatory requirements to expand into the energy, telecom, manufacturing, information technology, financial services, and communications industries.
DataTribe CTO Leo Scott will join the Vigilant Ops Board.
The most recent release of the InSight Platform now also includes automated import of various SBOM formats, supporting industry standards like CycloneDX and SPDX. The vulnerability dispositioning process now enables justification responses, following prescribed industry standards and mitigation scoring, which can be included in Vulnerability Exploitability eXchange (VEX) reports.
KEY QUOTES:
“Software security is the next domain in cyber, and government policies are increasingly placing significant development regulations that require software manufacturers to be responsible for the cybersecurity of their products. Vigilant Ops is meeting an urgent market need, automating the production of SBOMs to provide a system of record for software buyers to manage SBOMs and bolster resiliency through identifying and mitigating component vulnerabilities.”
— Tony Surak, chief marketing officer for DataTribe
“The DataTribe funding, coupled with its foundry model, will enable us to quickly scale our technology and business development operations to meet the software cybersecurity challenges that threaten our national and economic security. Securing the products that enable the critical infrastructure every citizen and company rely on daily will help unleash the innovative uses of new technologies and services.”
— Ken Zalevsky, Vigilant Ops CEO