Jitsuin met Meterian in the NCSC Cyber Runway Accelerator launched in November 2021. What we quickly realized is that automated generation and permissioned sharing of SBOMs would save valuable time in vulnerability discovery and mitigation.
So we moved fast to fix things! The integration between Meterian’s Boost Open-Source Software Scanner (BOSS) and Jitsuin’s RKVST SBOM Hub enables software publishers to automatically generate, store and distribute SBOMs, publicly or privately.
Both products can be found on the CycloneDX directory of SBOM tools. Watch the video to see how they work together.
SBOMs are a key element that boosts transparency, but they only work if they are trustworthy, actionable, and properly distributed. Existing manual processes such as emailing PDFs and spreadsheets are unscalable and error-prone, and threaten to create significant administrative burdens that undermine the utility of SBOMs. The Jitsuin-Meterian integration solves this problem.
Meterian’s BOSS Scanner is a vulnerability detection and risk management system that delivers comprehensive component licensing and security control while automatically generating SBOMs. The RKVST SBOM Hub is the first shared repository for publishers and subscribers to find and fetch the SBOMs they need. The integration of these two products allows software publishers to easily store, retrieve, publish, and distribute SBOMs with full governance.
- Developers, InfoSec and Governance Risk & Compliance teams can collaborate to mitigate vulnerabilities.
- Authorized SBOM consumers can automatically retrieve the latest updates with full provenance and immutable history.
- SBOM consumers can act fast on the latest data knowing it is trustworthy.
“We are thrilled to partner with Jitsuin to foster a trusted, safe and secure exchange of SBOM and vulnerability data to improve the safety and trust in the systems of our hyperconnected world,” says Vivian Dufour, CEO of Meterian.
“SBOMs can be the gifts that keep on giving, but only when shared in the right places,” said Rusty Cumpston, CEO of Jitsuin. “Meterian has moved incredibly fast to lead the way in automated SBOM distribution by connecting the BOSS Scanner to RKVST within one working day. This should pay dividends in time saved for the software community when the next critical vulnerability comes along.”
Saj Huq, Director of Innovation at Plexal, said: “We created Cyber Runway to encourage more collaboration between cyber startups in the ecosystem. Our members Jitsuin and Meterian integrating their technologies, spotting synergies and building a new solution together is a perfect example of this.”
“It’s great to see two suppliers listed in the CycloneDX tool centre collaborate to set out a vision of how SBOMs can be automatically created and distributed,” said Patrick Dwyer, co-leader of the CycloneDX project at OWASP. “We want the community to innovate together to deliver new solutions and new value to help build cyber supply chain resilience – this is a great example.”
Chris Ensor, NCSC Deputy Director for Cyber Skills and Growth, said: “NCSC for Startups was created to support the growth and development of the next generation of UK’s cyber security companies. Seeing alumni like Meterian responding rapidly to enable users to get confidence from the software they use, supporting the ‘Secure by Design’ approach, highlights the value of such innovation programmes.”
Dan Patefield, Head of Programme, Cyber and National Security at techUK, said: “SME-led innovation is key to accelerate solutions needed in the software-driven industry. We’re pleased to see one of our Cyber Innovation Den finalists grow and build technology partnerships to address current problems that are relevant and pressing to continually improve cybersecurity.”