Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DataTrails

What is SCITT and how does RKVST help?

SCITT in the information security context stands for “Supply Chain Integrity, Transparency, and Trust”. It’s a relatively young discipline and the dust is still settling over its scope and definition but the core is very simple: risk vests in the operator of equipment, but it originates at every point in the supply chain.

RKVST (Jitsuin) SCITT Demo from 2019

Supply Chain Integrity, Transparency, and Trust... all in one platform. A little throw-back here...all the way to 2019! SCITT is a hot area right now in 2022 but this is what we've been doing since the beginning. We were even still called Jitsuin :-) This is a very quick run through how making supply chain evidence available to all authorised partners in a supply chain as quickly as possible with Provenance, Governance, and Immutability guarantees can boost trust, reduce risk, and speed operations.

Generating an SBOM is just the tip of the iceberg

It has been nearly a year since the President Biden’s Executive Order 14028 catapulted Software Bills of Materials (SBOMs) from niche topic to the forefront of efforts to improve security of cyber supply chains. Since then not only have federal agencies including NIST and CISA delivered significant amounts of guidance and insight, but SBOMs have been the subject of intense debate across developer communities and beyond.

Export and Distribute SBOMs Directly From Your Git Repositories

Guest Blog by Daniel Parmenvik – CEO of bytesafe.dev For many, Software Bill of Materials (SBOMs) have changed from a manual list of assets for due diligence procedures to become an integral and automated part of software development. The ever increasing appetite for open-source software translates into a need to keep track of software assets (or open-source dependencies) for all applications, at any given point in time.

RKVST Set Free

Today we make RKVST available for public use with a free access tier so you can discover what a Zero Trust Fabric can do for you. From tracking software supply chain lifecycles to nuclear waste, RKVST is a powerful tool that builds trust in multi-party processes, when it’s critical to have high assurance in data for confident decisions. But before going all the way you can start simple: tracking software releases and contents with SBOMs.

Introducing the RefBOM for SBOM

Since President Biden’s Executive Order last spring, the industry has been racing to define, standardise and now produce SBOMs to describe the hundreds of thousands of software products sold to and used by federal government and beyond. So far, little thought has been given to the management of SBOMs in practice. Finding the right SBOMs for all the software an organisation relies upon can already feel like hunting for needles in haystacks.

SBOM production and secure distribution - Jitsuin and Meterian integration makes it easy.

Jitsuin met Meterian in the NCSC Cyber Runway Accelerator launched in November 2021. What we quickly realized is that automated generation and permissioned sharing of SBOMs would save valuable time in vulnerability discovery and mitigation. So we moved fast to fix things! The integration between Meterian’s Boost Open-Source Software Scanner (BOSS) and Jitsuin’s RKVST SBOM Hub enables software publishers to automatically generate, store and distribute SBOMs in public or private.