RKVST and Meterian Integration Automates Production and Secure Distribution of SBOMs

Partnership an early success of Cyber Runway Accelerator launched in November 2021

RKVST™, Inc (formerly Jitsuin), a pioneer in continuous assurance of critical assets, and Meterian, a leader in software automation and vulnerability detection, have teamed up to offer software publishers automated creation and secure distribution of Software Bills of Material (SBOMs). The integration between Meterian’s Boost Open-Source Software Scanner (BOSS) and RKVST SBOM Hub enables software publishers to automatically generate, store and distribute SBOMs in public or private.

Both products can be found on the CycloneDX directory of SBOM tools and offer a free-tier plan for software developers or subscribers to easily access, test, and use the integrated solution.

Events over the past several months, from the SolarWinds attack and the Cybersecurity Executive Order to the Log4j vulnerability, have all highlighted the urgent need to quickly identify and mitigate software supply chain risks and improve resilience in today’s hyperconnected world. SBOMs are a key element of the solution, but they only work if they are trustworthy, actionable, and properly distributed. Existing manual processes such as emailing PDFs and spreadsheets are unscalable and error-prone, and they threaten to create significant administrative burdens that undermine the utility of SBOMs. The RKVST-Meterian integration solves this problem.

Meterian’s BOSS Scanner is a vulnerability detection and risk management system that delivers comprehensive component licensing and security control while automatically generating SBOMs. RKVST’s recently launched SBOM Hub is the first shared repository for publishers and subscribers to find and fetch the SBOMs they need. The integration of these two products allows software publishers to easily store, retrieve, publish, and distribute SBOMs with full governance.

  • Developers, InfoSec and Governance Risk & Compliance teams can collaborate to mitigate vulnerabilities.
  • Authorized SBOM consumers can automatically retrieve the latest updates with full provenance and immutable history.
  • SBOM consumers can act fast on the latest data knowing it is trustworthy.

“We are thrilled to partner with RKVST to foster a trusted, safe and secure exchange of SBOM and vulnerability data to improve the safety and trust in the systems of our hyperconnected world,” said Vivian Dufour, CEO of Meterian.

“SBOMs can be the gifts that keep on giving, but only when shared in the right places,” said Rusty Cumpston, CEO of RKVST. “Meterian has moved incredibly fast to lead the way in automated SBOM distribution by connecting the BOSS Scanner to RKVST within one working day. This should pay dividends in time saved for the software community when the next critical vulnerability comes along.”

Saj Huq, Director of Innovation at Plexal, said: “We created Cyber Runway to encourage more collaboration between cyber startups in the ecosystem. Our members RKVST and Meterian integrating their technologies, spotting synergies and building a new solution together is a perfect example of this.”

“It’s great to see two suppliers listed in the CycloneDX tool centre collaborate to set out a vision of how SBOMs can be automatically created and distributed,” said Patrick Dwyer, co-leader of the CycloneDX project at OWASP. “We want the community to innovate together to deliver new solutions and new value to help build cyber supply chain resilience – this is a great example.”

Chris Ensor, NCSC Deputy Director for Cyber Skills and Growth, said: “NCSC for Startups was created to support the growth and development of the next generation of UK’s cyber security companies. Seeing alumni like Meterian responding rapidly to enable users to get confidence from the software they use, supporting the ‘Secure by Design’ approach, highlights the value of such innovation programmes.”

Dan Patefield, Head of Programme, Cyber and National Security at techUK, said: “SME-led innovation is key to accelerate solutions needed in the software-driven industry. We’re pleased to see one of our Cyber Innovation Den finalists grow and build technology partnerships to address current problems that are relevant and pressing to continually improve cybersecurity.”

About RKVST

RKVST brings confidence for fast critical decisions in uses that range from handling nuclear waste to resolving cybersecurity risks. The RKVST SaaS platform delivers verifiable digital trust between organisations. It tracks provenance, governs data access and creates immutable histories of asset and event exchanges. RKVST is created in Cambridge, UK by a team skilled in cryptography, system security, SaaS, DevOps and blockchain. RKVST is privately funded with headquarters in Santa Clara, USA. Go to RKVST.com and follow @rkvst_inc on Twitter.

About Meterian

Meterian’s fast, AI-powered “invisible security” platform is designed for maximum precision, interoperability and efficiency. Forward-thinking developers and security officers of innovative organisations get instant information to make data-driven decisions for comprehensive risk control of components in their open-source software supply chain. Customers include companies from financial, health, information, technology, and cybersecurity services sectors. Meterian is headquartered in London, UK and backed by global technology and cybersecurity investors. For more information about Meterian, visit meterian.io and follow @MeterianHQ on Twitter.