To aid the Cybersecurity and Infrastructure Security Agency (CISA) in its efforts to strengthen software security and manage risks to the software supply chain, the Department of Homeland Security is seeking proposals from startup and technology companies for tools to gain visibility into software supply chains.
The call for Software Supply Chain Visibility Tools was issued by the DHS Science and Technology Silicon Valley Innovation Program (SVIP), which taps venture capital-backed and other small technology companies for their ability to quickly bring commercial solutions to bear on DHS needs.
The visibility tools sought by the SVIP program would help in creating an inventory, or software bill of materials (SBOM), that lists the software components, their dependencies, and other information about the components to understand the risks within the supply chain.
“Tools that support wide availability of trustworthy SBOMs can enable stakeholder visibility into software supply chains and new risk assessment capabilities,” the SVIP says in the call against its five-year Other Transaction Solicitation (OTS). “We intend to energize the market to provide SBOM-based capabilities for stakeholders within the enterprise, system administrator and software developer communities.”
An OTS allows contracting authorities to award contracts relatively quickly.
Last December, CISA hosted an SBOM-a-Rama focused on current capabilities and on work to make the inventorying easier, cheaper, more scalable and more effective. CISA’s work is part of a collaborative effort to advance SBOMs that is overseen by the Commerce Department’s National Telecommunications and Information Administration.
The technical topic areas for which DHS is seeking technologies and solutions include foundational open-source libraries, automated SBOM generation, SBOM-enabled vulnerability visualization, an SBOM-enabled IDE plug-in, and an SBOM-enabled SIEM plug-in.
DHS expects to make awards for up to four phases, with each interval lasting between three and nine months. The Phase 1 awards will be worth up to $200,000, and subsequent phases will be funded up to $500,000, putting total funding between $200,000 and $1.7 million for an awardee that is selected for all four phases.
DHS will host an industry day on July 14. Applications for the program are due by Oct. 3.