Businesswire | May 30, 2023
Tidelift, a provider of solutions for improving the security and resilience of the open source software powering modern applications, today announced that it has been awarded three U.S. government contracts worth over $3.5 million, and is expanding its public sector organization in response to increased demand for innovative solutions that help the U.S. government improve its cybersecurity supply chain risk management (C-SCRM) capabilities.
High-profile software supply chain vulnerabilities including Log4Shell and SolarWinds have dramatically increased attention on the need for improved software security, both in the public sector and beyond. In the U.S., this effort began in May 2021 with White House Executive Order 14028: Improving the Nation’s Cybersecurity, and since then a variety of policy and legislative initiatives around cybersecurity have gained traction.
In September 2022, the U.S. government’s Office of Management and Budget released memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 formalizes the guidance provided in the NIST Secure Software Development Framework and NIST Software Supply Chain Security Guidance documents as the government requirements for developing secure software, and mandates that federal government agencies comply with these guidelines.
This memorandum sets aggressive deadlines, with specific dates by which both government agencies and organizations selling software to the government must comply with NIST guidelines. Among other stipulations, it requires that any organization selling software to the government self-attest that its software is compliant with the NIST SSDF by June 2023 for critical software or by September 2023 for all other software.
More recently, the National Cybersecurity Strategy sets a new precedent for software security liability, with the government intending to hold software producers liable for damages caused by preventable security vulnerabilities and offer liability protections to organizations that can show they follow secure software development practices.
Tidelift awarded three U.S. government contracts worth over $3.5 million
In addition to efforts like those mentioned above, the U.S. government is increasingly investing directly in improving open source software security. Tidelift was recently awarded three separate innovation research awards as part of the U.S. government SBIR program. The SBIR program is designed to help U.S.-based businesses invest in their technical potential, while stimulating technology innovation and meeting specific research and development needs.
Through these SBIR Phase II awards, Tidelift is working with the Department of the Air Force and the Defense Advanced Research Projects Agency (DARPA) to help spur innovation in the systems and processes the U.S. government uses to improve open source software security and cybersecurity supply chain risk management. This investment will help Tidelift expand its industry-leading open source software management solution, including increasing its ability to partner with even more open source maintainers to validate that their components meet important security, maintenance, and licensing standards required by government and industry users, and to pay these maintainers for this critical work.
It will also help the U.S. government better address the requirements and deadlines emerging from Executive Order 14028, memorandum M-22-18, and the NIST Secure Software Development Framework, especially when it comes to the open source components in use in government applications. Tidelift is also helping address new requirements around software bills of materials (SBOMs) that U.S. government agencies are beginning to understand, interpret, plan for, and deploy. Along with Tidelift producing an SBOM from every application build, the company is actively working upstream with open source maintainers to validate and improve security, maintenance, and licensing metadata for their projects and capture this data using the TACOS (Trusted Attestation and Compliance for Open Source) attestation framework.
"The United States Air Force, and the Government as a whole, are among the largest consumers of open source software. With the increasing requirements around Software Supply Chain Risk Management (SCRM) and Software Bills of Materials (SBOM) initiatives, we are excited to partner with Tidelift to enhance cybersecurity resilience outcomes for open source software dependencies that support our most critical work," said Robert "Devo" DeVincent, Chief Software Officer, Air Force 309th Software Engineering Group.
Tidelift expands public sector organization to meet growing demand
Tidelift has named Matthew Arnow, a long-time veteran of Tidelift, to lead the newly expanded public sector team. Matthew heads up the team with extensive experience working with government and public sector clients.
“Tidelift looks forward to working more closely with our government and public sector customers and prospects to improve the resilience of our mission-critical open source infrastructure,” said Matthew Arnow, head of public sector for Tidelift. “Our unique approach of working directly with the maintainers behind thousands of important open source projects will help public sector customers comply with U.S. government security directives and meet necessary government and industry standards.”
Tidelift partners with Carahsoft to support public sector expansion
Tidelift has also partnered with Carahsoft, the leading government reseller partner, to help more quickly and effectively address the number of large public sector opportunities.
“Over the past year, we’ve seen increased demand from our customers for solutions that help improve open source software security and supply chain resilience,” said Natalie Gregory, vice president, Carahsoft. “We look forward to working with Tidelift and our reseller partners to deliver open source software supply chain risk management solutions to our government customers.”
Tidelift, a 2022 Gartner Cool Vendor, helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/
EMERGING TECHNOLOGY, CYBERSECURITY
Acalvio Technologies | March 13, 2023
Acalvio Technologies, one of the leaders in cyber deception, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, recently announced a partnership. Under the agreement, Carahsoft will serve as Acalvio's Master Government Aggregator®, making the company's market-leading Active Defense Platform and ShadowPlex Advanced Threat Defense accessible to the Public Sector via Carahsoft reseller associates and the NASA Solutions for Enterprise-Wide Procurement (SEWP) V, National Association of State Procurement Officials (NASPO) ValuePoint, Information Technology Enterprise Solutions - Software 2 (ITES-SW2), National Cooperative Purchasing Alliance (NCPA) and OMNIA Partners contracts.
Acalvio's ShadowPlex enables government agencies to efficiently execute the three most important aspects of adversarial engagement: detection, to rapidly discover adversary presence both on-premises and in cloud infrastructure; disruption, to impede and slow down attacks; and intelligence, to easily collect granular forensics of attacker tactics, techniques, and procedures.
Acalvio Technologies is approved on the Continuous Diagnostics & Mitigation (CDM) Program Approved Products List (APL), and its products are now accessible through various Carahsoft contracts, including SEWP V contracts NNG15SC03B and NNG15SC27B, NASPO ValuePoint Master Agreement #AR2472, ITES-SW2 Contract W52P1J-20-D-0042, NCPA Contract NCPA01-86, and OMNIA Partners Contract #R191902.
About Acalvio Technologies
Based in Santa Clara, California, Acalvio is one of the leading cyber deception technology providers. The company helps businesses actively defend against advanced security threats. Established in 2015, it was built on 25 issued patents in autonomous deception and advanced AI. It also offers robust solutions for Identity Threat Detection and Response (ITDR), Ransomware Protection and Advanced Threat Detection for IT and OT networks, and Zero Trust.
Carahsoft is a government IT solutions provider, combining technological expertise with a comprehensive understanding of the government procurement process to assist public sector organizations in selecting and implementing the most cost-effective solution. The company is based in Reston, Virginia. It is one of the largest government partners, serving as the government's master aggregator for many of its best-in-class vendors. It also drives value for a vast ecosystem of IT manufacturers, system integrators, resellers, and consulting partners.
Businesswire | March 23, 2023
Red River, a technology transformation company serving government and enterprise customers, today announced that it is now an authorized provider on the U.S. Army’s Information Technology Enterprise Solutions 3 Services (ITES-3S) contract. Awarded by the Computer Hardware, Enterprise Software and Solutions (CHESS) and the Army Contracting Command - Rock Island (ACC-RI), ITES-3S is a nine-year, $12.1 billion, indefinite delivery indefinite quantity (IDIQ) contract.
The ITES-3S IDIQ will provide a broad range of enterprise information technology services and support to the U.S. Army and other authorized Federal Government agencies. Types of information technology services available through the ITES-3S IDIQ include Program Management; Cybersecurity/Information Assurance; Enterprise Design, Integration and Consolidation; Network/Systems Operation and Maintenance; Telecommunications; Supply Chain Management; Operation and Maintenance; Business Process Engineering; and Information Technology Education and Training.
This award demonstrates Red River’s longstanding commitment to providing superior professional services to the U.S. Army and the opportunity to continue to serve and support the men and women in uniform at home and abroad. Red River has more than 25 years as a trusted technology and services provider to the U.S. government and Department of Defense (DoD).
“We are excited to continue our longstanding history of supporting the technology services needs of the Army and other government agencies supported through this contract vehicle,” said Brian Roach, CEO for Red River. “We look forward to collaborating with DoD technology leaders to support their mission requirements in areas such as cybersecurity, managed services, cloud, infrastructure and collaboration. This is a significant addition to our contracts portfolio and strengthens our position as a leading technology and services provider to the DoD and the U.S. government as a whole.”
About Red River
Red River brings together the ideal combination of talent, partners and products to disrupt the status quo in technology and drive success for business and government in ways previously unattainable. Red River serves organizations well beyond traditional technology integration, bringing more than 25 years of experience and mission-critical expertise in managed services, cybersecurity, infrastructure, collaboration and cloud solutions.