U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  1. Home
  2. About DHS
  3. Site Links
  4. Keywords
  5. Software

Software

Last Updated: August 16, 2023 | Site Page

Software Supply Chain Visibility Tools (CISA)

  • AppCensus (El Cerrito, California) will add to its existing platform by mapping vulnerabilities to SDK behavior and providing a means to visualize that data as well as incorporate those results into SBOM reporting and common tooling and practice for IT professionals within enterprises. (Initial Award April 2023) – Currently in Phase 1
  • ChainGuard (Kirkland, Washington) - will create an SBOM composition tool by developing the conceptual schema of how to join micro-SBOMs, creating a test suite of micro-SBOMs and the super SBOMs that ought to be created, and implementing functionality that takes micro-SBOMs as input and outputs a super SBOM. (Initial Award April 2023) – Currently in Phase 1
  • DeepBits (Riverside, California) - has developed an AI-powered code intelligence platform for large-scale accurate binary code identification across languages and hardware platforms. They will develop a multi-format SBOM translator and design, build, and test its SaaSBOM generation tool. (Initial Award April 2023) – Currently in Phase 1
  • Manifest Cyber (Westport, Connecticut) will further mature their existing SBOM management platform by adding capabilities including support for enriching vulnerability data using the Vulnerability Exploitability eXchange (VEX) documentation, automating ticketing responses to Security Incident and Event Management (SEIM) systems, automating risk and compliance report. generation, begin building a global SBOM repository, and building support for eventual integration with commonly used asset management tools. (Initial Award April 2023) – Currently in Phase 1
  • Scribe Security (Tel Aviv, Israel) - will adapt its existing platform to develop a multi-format SBOM translator using an Open Policy Agent (OPA), further develop two of its core technology tools used for the generation of SBOMs and extend its platform to provide unique vulnerability information and insights. (Initial Award April 2023) – Currently in Phase 1
  • TestifySec (Jasper, Alabama) - is developing a new security platform and associated tools to provide enhanced supply chain security. These tools ensure software integrity by enabling detection of possible tampering or malicious activity through the application of “generate” and “verify” attestation processes in concert with policy compliance configuration. (Initial Award April 2023) – Currently in Phase 1
  • Veramine (Bothell, Washington) - will enhance its Endpoint Detection & Response (EDR) agent by adapting and configuring the agent to collect only what would be needed to populate the SBOM and – importantly – also to centrally preserve a single copy of every binary ever loaded anywhere across the enterprise network for vulnerability analysis. (Initial Award April 2023) – Currently in Phase 1
Last Updated: April 27, 2023 | Press Releases

S&T Forms New Startup Cohort to Strengthen Software Supply Chain Visibility Tools

DHS S&T announced seven awardees from the “Software Supply Chain Visibility Tools” topic call which sought innovative technologies to provide software bill of materials (SBOMs) based capabilities for stakeholders within the enterprise, system administrator, and software development communities.

Last Updated: November 3, 2022 | Press Releases

Feature Article: Software Suite Will Harden Defenses for Soft Targets

S&T is continuously working to equip those within DHS dedicated to securing soft targets with enhanced detection methods.

Last Updated: July 11, 2022 | Press Releases

S&T Seeks Solutions to Software Vulnerabilities

DHS S&T announced a new solicitation in partnership with CISA that address weaknesses in software, a key component of critical infrastructure systems.

Last Updated: November 19, 2020 | Publication

ST-DHS SBIR Success Story Software Assurance Risk Management

This success story highlights the DHS SBIR company Applied Visions of Northport, New York, which developed Code Ray, a software assurance risk management technology that improves the speed, accuracy and confidence in detection of vulnerabilities and source code weaknesses. 

Last Updated: October 5, 2020 | Press Releases

Feature Article: Protecting Device Software from Zero-Day Attacks with TrustMS

DHS S&T collaborates with Intelligent Automation, Inc., to develop system that protects operating systems and apps on embedded platforms against cyberattacks.

Last Updated: September 24, 2020 | Press Releases

News Release: DHS S&T SVIP Awards $193K to Kynamics for Language Translation Capability

Funding awarded to Kynamics of Mountain View, CA, to build a portable system for language translation capabilities to support United States Coast Guard missions.

Last Updated: July 2, 2020 | Publication

ST-News-Extracting Reader and Filter for Helping Emergency Responders Deliver Effective Results

Read the latest results and feedback on the usability of NERFHERDER for first responders.

Last Updated: November 26, 2019 | Press Releases

Snapshot: Top 25 Most Dangerous Software Errors

The Common Weakness Enumeration (CWE) list of the 25 most dangerous software errors is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software.

Last Updated: September 30, 2019 | Publication

ST-Grant County-NGFR Configuring A Raspberry Pi Location Sensor How To Guide

This how-to guide provides installation and configuration instructions of the PiPoint location software for a Raspberry Pi computer that was demonstrated as part of the Spiral 2 technology exercise.