CYBERSECURITY
Businesswire | May 30, 2023
Tidelift, a provider of solutions for improving the security and resilience of the open source software powering modern applications, today announced that it has been awarded three U.S. government contracts worth over $3.5 million, and is expanding its public sector organization in response to increased demand for innovative solutions that help the U.S. government improve its cybersecurity supply chain risk management (C-SCRM) capabilities.
High-profile software supply chain vulnerabilities including Log4Shell and SolarWinds have dramatically increased attention on the need for improved software security, both in the public sector and beyond. In the U.S., this effort began in May, 2021 with White House Executive Order 14028: Improving the Nation’s Cybersecurity, and since then a variety of policy and legislative initiatives around cybersecurity have gained traction.
In September, 2022, the U.S. government’s Office of Management and Budget released memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 formalizes the guidance provided in the NIST Secure Software Development Framework and NIST Software Supply Chain Security Guidance documents as the government requirements for developing secure software, and mandates federal government agencies comply with these guidelines.
This memorandum sets aggressive deadlines for compliance with specific dates for both government agencies and organizations selling software to the government to comply with NIST guidelines. Among other stipulations, it requires that any organization selling software to the government must self-attest that their software is compliant with the NIST SSDF by June 2023 for critical software or by September 2023 for all other software.
More recently, the National Cybersecurity Strategy sets a new precedent for software security liability, with the government intending to hold software producers liable for damages caused by preventable security vulnerabilities and offer liability protections to organizations that can show they follow secure software development practices.
Tidelift awarded three U.S. government contracts worth over $3.5 million
In addition to efforts like those mentioned above, the U.S. government is increasingly investing directly in improving open source software security. Tidelift was recently awarded three separate innovation research awards as part of the U.S. government SBIR program. The SBIR program is designed to help U.S.-based businesses invest in their technical potential, while stimulating technology innovation and meeting specific research and development needs.
Through these SBIR Phase II awards, Tidelift is working with the Department of the Air Force and the Defense Advanced Research Projects Agency (DARPA) to help spur innovation in the systems and processes the U.S. government uses to improve open source software security and cybersecurity supply chain risk management. This investment will help Tidelift expand its industry-leading open source software management solution, including increasing its ability to partner with even more open source maintainers to validate their components meet important security, maintenance, and licensing standards required by government and industry users, and pay these maintainers for this critical work.
It will also help the U.S. government better address the requirements and deadlines emerging from Executive Order 14028, memorandum M-22-18, and the NIST Secure Software Development Framework, especially when it comes to the open source components in use in government applications. Tidelift is also helping address new requirements around software bills of materials (SBOMs) that U.S. government agencies are beginning to understand, interpret, plan for, and deploy. Along with Tidelift producing an SBOM from every application build, the company is actively working upstream with open source maintainers to validate and improve security, maintenance, and licensing metadata for their projects and capture this data using the TACOS (Trusted Attestation and Compliance for Open Source) attestation framework.
"The United States Air Force, and the Government as a whole, are among the largest consumers of open source software. With the increasing requirements around Software Supply Chain Risk Management (SCRM) and Software Bills of Materials (SBOM) initiatives, we are excited to partner with Tidelift to enhance cybersecurity resilience outcomes for open source software dependencies that support our most critical work," said Robert "Devo" DeVincent, Chief Software Officer, Air Force 309th Software Engineering Group.
Tidelift expands public sector organization to meet growing demand
Tidelift has named Matthew Arnow, a long-time veteran of Tidelift, to lead the newly expanded public sector team. Matthew heads up the team with extensive experience working with government and public sector clients.
“Tidelift looks forward to working more closely with our government and public sector customers and prospects to improve the resilience of our mission-critical open source infrastructure,” said Matthew Arnow, head of public sector for Tidelift. “Our unique approach of working directly with the maintainers behind thousands of important open source projects will help public sector customers comply with U.S. government security directives and meet necessary government and industry standards.”
Tidelift partners with Carahsoft to support public sector expansion
Tidelift has also partnered with Carahsoft, the leading government reseller partner, to help more quickly and effectively address the number of large public sector opportunities.
“Over the past year, we’ve seen increased demand from our customers for solutions that help improve open source software security and supply chain resilience,” said Natalie Gregory, vice president, Carahsoft. “We look forward to working with Tidelift and our reseller partners to deliver open source software supply chain risk management solutions to our government customers.”
About Tidelift
Tidelift, a 2022 Gartner Cool Vendor, helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/
Read More
EMERGING TECHNOLOGY
Businesswire | May 31, 2023
UiPath , a leading enterprise automation software company, announced its partnership with Peraton, a leading mission capability integrator and transformative enterprise IT provider, to deliver the UiPath Business Automation Platform as a cloud-based managed service to high-security environments within U.S. intelligence, defense, and civilian agencies.
Peraton specializes in helping essential government agencies overcome daunting challenges that require fast, reliable, and secure technology solutions. These valued customers require the highest levels of compliance and security to complete their missions. This partnership enables it to take advantage of the UiPath AI-powered automation platform in sensitive environments as a managed service – either via cloud or on-premises with expert support in automation scripting, implementation, and management. As a result, the customers will be able to rapidly scale in any mission area, take full advantage of higher productivity and increased visibility, enjoy enhanced insights with real-time situational intelligence, advance their digital transformation, and improve business outcomes within their unique customer environments.
Through this partnership, UiPath and Peraton allow customers to create and execute on automation strategies, drive mission agility, and orchestrate transformational impact for highly sensitive secure workloads. The AI-powered UiPath Platform offers unprecedented time-to-value by combining the leading robotic process automation (RPA) solution with a full suite of capabilities to understand, automate, and operate end-to-end processes.
“Automation can be a potent 'arrow in the quiver' for civilian, defense and the intelligence community—as well as for American businesses and citizens—as we move forward into a future of renewal, resilience, and readiness,” said Mike Daniels, Senior Vice President of Public Sector at UiPath. “With automation, implementations happen fast, and improvements are immediate. Our partnership with Peraton will enable us to jointly push automation out to the edge to effect where services are delivered, which leads to better outcomes and improved employee experiences.”
“Our partnership with UiPath will leverage the power of automation, AI, and machine learning to help tackle missions of consequence at greater scope and scale than before,” said Mike King, Chief Growth Officer at Peraton. “As national security continues to evolve, this partnership helps ensure our customers are utilizing market-leading solutions to achieve transformational impact and meet the challenges of tomorrow.”
Automation can be deployed to increase quality, reduce human error, increase compliance, strengthen controls environments, and add new services to an organization’s portfolio. The White House Executive Order (EO) on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government instructs federal agencies to modernize government programs and find ways to reduce costly, time-consuming administrative tasks—which are achievable in automation first organizations. Additionally, since the launch of the Federal Cloud Computing Strategy, government agencies have been migrating to the cloud to achieve scalability and reduce costs.
UiPath and Peraton combined to drastically improve processes at a U.S. defense agency. The customer needed to process hundreds of weekly metrics from data dispersed in disparate sources. With an automation solution from UiPath, the agency built highly scalable bots to fully automate the process, reducing the workload from many hours to 15 minutes. In addition, automation can be deployed to support federal and civilian agencies to manage future global events such as pandemics by processing and understanding data in real time.
About UiPath
UiPath is on a mission to uplevel knowledge work so more people can work more creatively, collaboratively, and strategically. The AI-powered UiPath Business Automation Platform combines the leading robotic process automation (RPA) solution with a full suite of capabilities to understand, automate, and operate end-to-end processes, offering unprecedented time-to-value. For organizations that need to evolve to survive and thrive through increasingly changing times, UiPath is The Foundation of Innovation™. For more information, visit www.uipath.com.
About Peraton
Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies from threats across the digital and physical domains. Peraton supports every branch of the U.S. Armed Forces, and we serve as a valued partner to essential government agencies that sustain our way of life. Every day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit Peraton.com to learn how we’re safeguarding your peace of mind.
Read More
EMERGING TECHNOLOGY, CYBERSECURITY
Globenewswire | March 30, 2023
ConnectWise, the world’s leading software company dedicated to the success of IT solution providers (TSPs), is pleased to announce a new partnership with the Cybersecurity and Infrastructure Security Agency (CISA) Joint Cyber Defense Collaborative (JCDC) to enhance cybersecurity for MSPs.
The partnership aims to provide MSPs with the resources and tools necessary to strengthen their cybersecurity posture and protect their clients from cyber threats. As part of the collaboration, ConnectWise will work closely with CISA JCDC to develop new solutions and services that address the latest cybersecurity challenges faced by MSPs.
"We are thrilled to partner with CISA JCDC to help MSPs improve their cybersecurity practices," said Patrick Beggs, CISO of ConnectWise. "MSPs are on the frontlines of protecting businesses from cyber threats, and it's our responsibility to provide them with the best tools and resources to keep their clients safe."
CISA JCDC brings together experts from government, industry, and academia to collaborate on cybersecurity defense. Through this partnership, ConnectWise will have access to the latest threat intelligence, best practices, and training materials from CISA JCDC. In turn, ConnectWise will be well-positioned to share this information with MSPs to support ongoing efforts to defend against evolving cyber attacks. ConnectWise and CISA JCDC share a commitment to improving cybersecurity for businesses of all sizes, and this partnership is a significant step in achieving this goal.
The strength of ConnectWise’s leading Information Security (InfoSec) program is applied across its cyber defense practices and procedures. Ensuring a collaborative effort is in place across the digital landscape is a priority for the company; this partnership demonstrates their commitment to InfoSec principles and how it allows MSPs to connect with confidence.
About ConnectWise
ConnectWise is the world's leading software company dedicated to the success of IT solution providers (TSPs) through unmatched software, services, community, and marketplace of integrations. ConnectWise offers an innovative, integrated, and security-centric platform—Asio™—which provides unmatched flexibility that fuels profitable, long-term growth for partners. ConnectWise enables TSPs to drive business efficiency with automation, IT documentation, and data management capabilities and increase revenue with remote monitoring, cybersecurity, and backup and disaster recovery technologies.
About the Joint Cyber Defense Collaborative (JCDC)
Pursuant to new authority from Congress, the Cybersecurity and Infrastructure Security Agency (CISA) established JCDC in August 2021 to transform traditional public-private partnerships into real-time private-public operational collaboration and shift the paradigm from reacting to threats and vulnerabilities to proactively planning and taking steps to mitigate them. JCDC combines the visibility, insight, and innovation of the private sector with the capabilities and authorities of the federal cyber ecosystem to collectively drive down cyber risk to the nation at scale.
Read More