BlackBerry | January 07, 2022
BlackBerry Limited today introduced a new feature of BlackBerry® Jarvis®, the company's software composition analysis tool, that enables those doing business with the U.S. Federal Government to comply with the recent software bill of materials (SBOM) requirement from President Biden's Executive Order on Improving the Nation's Cybersecurity.
Executive Order 14028 requires any vendor, supplier, or provider of technology solutions to the U.S. government to provide a full SBOM and demonstrate other cybersecurity management measures to ensure that any security vulnerabilities in the software supply chain of the nation's critical infrastructure are identified and remediated immediately.
In response to the new standard, BlackBerry QNX has added a specific capability to BlackBerry Jarvis that enables users to efficiently generate a comprehensive SBOM report that follows the Software Package Data Exchange (SPDX®) report standard, one of the leading standards to support the U.S. government and other regulatory bodies. Available in early 2022, BlackBerry Jarvis will become one of the first software composition analysis tools to provide this key feature to embedded software developers whose products are used by the Federal Government. This will empower these developers to keep software secure from all known issues based on the speedy and actionable intelligence provided by the tool.
"As multiple government and vertical-specific safety and security standards emerge, the need to have confidence in one's codebase has taken on a new level of importance, particularly during a time in which multiple cybersecurity attacks have illustrated vulnerabilities present within the digital infrastructure of the U.S. Federal Government. BlackBerry Jarvis enables embedded software developers to demonstrate compliance, track software quality metrics and continuously harden their system so that it becomes more resilient to increasingly cunning attacks. With BlackBerry Jarvis' new ability to generate an SBOM report in the U.S. government's mandated format, it's now become an even more invaluable tool to procurement officers tasked with managing the nation's cybersecurity and software supply chain risk."
Adam Boulton, Chief Technology Officer, BlackBerry Technology Solutions
"BlackBerry Jarvis meets the needs of the embedded software industry, allowing developers to gain deep visibility into the provenance of their software while automating the key steps in the binary scanning process in order to produce an SBOM in just minutes," said Hiten Shah, Senior Analyst at Frost & Sullivan. "Complying with this specific requirement in Biden's Cybersecurity Executive Order is something which policymakers around the globe will no doubt roll out with ever more frequency in the face of a threat landscape that only seems to be growing in scale and complexity. To that end, BlackBerry Jarvis helps OEMs bring trust, transparency and above all – peace of mind – into their software supply chains."
BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 195M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.
Stratasys | September 30, 2021
Stratasys Ltd., a leader in polymer 3D printing solutions, today announced that the company has introduced a new data security solution to enhance the cybersecurity of additive manufacturing as its role in government and defense applications grows larger and more mission-critical.
The new ProtectAM™ solution is the first in additive manufacturing to use Red Hat Enterprise Linux, the world’s leading enterprise Linux platform. This platform is preferred by the U.S. government to help deliver continuous information processing security in accordance with requirements contained in the applicable Security Technical Implementation Guide (STIG) issued by the Defense Information System Agency (DISA) of the U.S. Department of Defense.
The ProtectAM solution will initially be available for several industrial and large-format Stratasys FDM® 3D printers, which are frequently used by government customers to produce end-use parts and tools for applications such as aviation and ground maintenance applications. It is available for Fortus® 450mc™ printers effective Oct. 1 and is expected to be available for F900® 3D printers by the end of the year. Stratasys F370™ and F770™ 3D printers are expected to be added in Q1 2022, with printers that use other Stratasys technologies beyond FDM to follow. In the future, Stratasys expects to extend ProtectAM’s cybersecurity benefits to industry segments beyond government.
“The benefits of 3D printing are clear, including getting critical products wherever they are needed, with maximum speed and minimal cost, all while extending the lifespan of existing assets to save taxpayer dollars. Furthermore, the integrity of parts printed from digital files is absolutely essential, and we have established the ProtectAM solution to be a world-class security solution to continue the adoption of additive manufacturing by government agencies, and ultimately to commercial segments as well.”
Dick Anderson, Senior Vice President for Manufacturing at Stratasys
Stratasys developed its data information security solution to comply with the U.S. Defense Information Systems Agency’s Security Technical Implementation Guide for Red Hat Enterprise Linux. The STIG outlines several hundred security controls to protect against cybersecurity threats.
“Software security is a front-and-center challenge for nearly every government agency, and a need that Red Hat helps to address through our extensive work in certifying the world’s leading enterprise Linux platform to meet stringent public security requirements. Red Hat Enterprise Linux provides a platform that assists users in meeting the rigorous software security needs for sensitive computing without sacrificing flexibility, scalability or innovation. We’re pleased to be able to provide this as a foundation for Stratasys as they work to innovate industrial 3D printing and additive manufacturing in the public sector.”
David Egts, Chief Technologist, North America Public Sector, Red Hat
The release of Stratasys’ ProtectAM system opens Stratasys systems to new applications within the government that extend well beyond R&D settings. For example, adherence to STIG security controls enables the U.S. military to more readily deliver a geographically distributed enterprise network of 3D printers across and even beyond U.S. military bases. Furthermore, Stratasys’ technology is built on the FIPS and Common Criteria government-certified foundation of Red Hat Enterprise Linux, so mission-critical digital files can be sent wherever they are needed faster and parts can be quickly 3D printed locally.
Existing Stratasys printers are field upgradable with regular software security updates from Stratasys. More information about Stratasys in manufacturing is available online.
Stratasys is leading the global shift to additive manufacturing with innovative 3D printing solutions for industries such as aerospace, automotive, consumer products and healthcare. Through smart and connected 3D printers, polymer materials, a software ecosystem, and parts on demand, Stratasys solutions deliver competitive advantages at every stage in the product value chain. The world’s leading organizations turn to Stratasys to transform product design, bring agility to manufacturing and supply chains, and improve patient care.
HackerOne | January 07, 2021
The Defense Digital Service (DDS) and HackerOne today announced the launch of DDS's 11th bug bounty program with HackerOne and the third with the U.S. Department of the Army. Hack the Army 3.0 is a time-bound, hacker-powered security test aimed at surfacing vulnerabilities so they can be resolved before they are exploited by adversaries. The bug bounty program is open to both military and civilian participants and will run from January 6, 2021 through February 17, 2021.
Bug bounty programs, like Hack the Army 3.0, incentivize security research and reporting of real-world security vulnerabilities in exchange for monetary rewards for qualified vulnerabilities and participants. These programs are an industry best practice used by the most mature organizations across the world. By disclosing vulnerabilities to security teams, civilian and military hackers will help the U.S. Army secure digital assets and defend against cyberattacks. Hack the Army is one example of the Army and DoD's willingness to pursue innovative and nontraditional approaches to ensure the capability and security of people, networks, and data.
"Bug bounty programs are a unique and effective 'force multiplier' for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals," said Brig. Gen. Adam C. Volant, U.S. Army Cyber Command Director of Operations. "By 'crowdsourcing' solutions with the help of the world's best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs."
“We are proud of our continued partnership with the Army to challenge the status quo in strengthening the security of military systems and shifting government culture by engaging ethical hackers to address vulnerabilities,” says Brett Goldstein, Director, Defense Digital Service. “We’re calling on civilian and military hackers to show us what they’ve got in this bug bounty and to help train the future force.”
Participation in the Hack the Army 3.0 bug bounty challenge is open by invitation only to civilian hackers and active U.S. military members. Bug bounties may be offered to civilian hackers for valid security vulnerabilities according to the program policy. Military and contractor personnel are not eligible to receive financial rewards.
“We are living in a different world today than even just a year ago,” said Marten Mickos, CEO of HackerOne. “Amidst disinformation and a global health crisis, citizens are increasingly wary of how, when, and where their information is used. For years, the U.S. Department of Defense and respective military branches have successfully strengthened their cybersecurity posture and protected precious data by enlisting the help of ethical hackers on HackerOne. Years later, hacker-powered security is not only a best practice in the US military, but it is now a mandated requirement among civilian federal agencies. There is only one way to secure our connected society, together, and the U.S. Army is leading the charge with this latest challenge.”
DDS has been a pioneer in hacker-powered security testing since the launch of "Hack the Pentagon" in 2016. DDS's Hack the Pentagon team has executed 14 public bounties on external-facing websites and applications, and ten private bounties on a range of sensitive, internal systems in the U.S. Department of Defense (DoD). Examples of past private bounties include logistics systems, physical hardware, and personnel systems.
In partnership with DDS, HackerOne has launched more federal programs than any other hacker-powered security provider and is the only bug bounty platform that is FedRAMP authorized. Previous bug bounty challenges and results include: Hack the Pentagon, Hack the Army, Hack the Air Force, Hack the Air Force 2.0, Hack the Defense Travel System, Hack the Army 2.0, Hack the Air Force 3.0, Hack the Air Force 4.0, Hack the Proxy and Hack the Marine Corps. DDS also launched a Vulnerability Disclosure Program (VDP) for the DoD in 2016, which is now one of the most successful programs of its kind with hackers reporting over 20,000 security vulnerabilities to date. Hackers who become aware of any vulnerabilities can safely disclose them to the DoD at any time through this ongoing VDP with HackerOne.
HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.
About Defense Digital Service
The Defense Digital Service was established by the U.S. Secretary of Defense in November 2015 as a SWAT team of nerds that provides the best in modern technical knowledge designed to bolster national defense. We are primarily based in the Pentagon, but we also have satellite offices in Augusta, Georgia and co-located at the Defense Innovation Unit in Mountain View, California. Our range of talent includes world-class software developers, designers, product managers, digital experts and bureaucracy hackers from both the private sector and within government.