U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  1. Science and Technology Directorate
  2. News Room
  3. S&T Seeks Solutions to Software Vulnerabilities

News Release: DHS S&T Seeks Solutions to Software Vulnerabilities

Release Date: July 11, 2022

FOR IMMEDIATE RELEASE
S&T Public Affairs, 202-254-2385

WASHINGTON – The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced a new solicitation in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) that address weaknesses in software, a key component of critical infrastructure systems. Cyber-attacks can lead to outages or damage to safety and life-critical systems.

Under its “Software Supply Chain Visibility Tools” topic call, S&T’s Silicon Valley Innovation Program (SVIP) is seeking technical capabilities that will help CISA secure the digital frameworks that individuals and organizations rely on for essential services, including communications, finance, transportation and energy.

“DHS is committed to working with industry to develop tools and technologies that provide visibility into the software supply chain,” said Melissa Oh, SVIP Managing Director. “This topic call highlights core capabilities that will help bring transparency into the digital building blocks used by organizations in both their business operations and in their cyber defenses.”

This topic call is looking for technology to strengthen the assurance of the software supply chain that is essential to protecting software and software-controlled systems. This can be done, in part, through the development of tools that enable stakeholder visibility into software supply chains and new risk assessment capabilities. 

Detailed application requirements are outlined in the solicitation, and particularly focuses on the  Software Bill of Materials (SBOM), a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships.     

“Vulnerabilities in software are a key risk in cybersecurity, with known exploits being a primary path for bad actors to inflict a range of harms,” said Allan Friedman, CISA Senior Advisor and Strategist. “By leveraging SBOMs as key elements of software security, we can mitigate the risk to the software supply chain and respond to new risks faster, and more efficiently.”   

The solicitation deadline is October 3, 2022, 12:00 PM PT.

A virtual Industry Day is set for July 14, 2022, 9:30 - 11:30 AM PT for technology developers and vendors to discuss the solicitation and operational needs.

###

Last Updated: 07/11/2022
Was this page helpful?
This page was not helpful because the content