DHS awards SBIR contract to ObjectSecurity for Software Supply Chain Identification for Compiled Binary Executables
San Diego, Calif. – May 20, 2021 – ObjectSecurity, The Security Automation Company, today announced that it has been awarded a Small Business Innovation Research (SBIR) contract from the US Department of Homeland Security (DHS) Science and Technology Directorate. As stated in the original solicitation entitled, “Software Supply Chain Identification for Compiled Binary Executables”, the Phase I SBIR focuses on developing a novel capability to analyze compiled binary executables for Windows systems that can detect and report embedded software library information in multifaceted software packages. The proposed solution for supply chain risk management and provenance of binary applications will process binary applications and their libraries, and create reports.
The project, carried out by ObjectSecurity LLC, aims for successful technology development and transition that will result in addressing a gap that leaves out a significant portion of the software market used daily by professionals and government employees, especially in software that is used and no longer maintained, or “free”: As also stated in the solicitation, the research will enable organizations to more strategically assess, rank, and prioritize security mitigation efforts in order to maintain a high-level of work efficiency and security throughout their organizations.
“The award of this Phase I SBIR grant is an important milestone for ObjectSecurity and underscores the strength of our science innovation that underwent rigorous peer review. It allows us to prioritize research efforts into needed features for the DHS,” said Ulrich Lang, CEO of ObjectSecurity. “SBIR contracts allow us to research and develop advanced concepts that feed into rapid product development, enabling us to commercialize next-generation innovative products that will bring tremendous value to the DHS, and our customers across all industries. Most of our solutions leverage state-of-the art approaches such as Artificial Intelligence and Machine Learning (AI/ML). We are committed to leading this initiative with the DHS to protect DHS’s systems from adversaries by delivering advanced next-generation technology solutions.”
The federally-funded Small Business Innovation Research (SBIR) / Small Business Technology Transfer (STTR) program is a highly competitive program that encourages domestic small businesses to engage in research and development that has significant potential for commercialization of innovative products, and their eventual transition into DHS programs. The program’s chief role is to bridge the gap between the performance of basic science and the commercialization of resulting innovations.
ObjectSecurity LLC is The Security Automation Company. A privately held company based in San Diego, CA, ObjectSecurity’s mission is to reduce cybersecurity effort, complexity, and cost through innovative cybersecurity automation technologies, including security policy automation, supply chain risk analysis automation, and vulnerability assessment automation.
- “AI hacker” automation: ObjectSecurity VAPTBOX, an ongoing commercialization of the just-funded SBIR Phase II, is an intelligent automated vulnerability assessor and penetration tester that uses artificial intelligence to adapt. In 2019, we received a multi-million, multi-year government investment to fully develop VAPTBOX.
- Supply chain risk analysis automation: ObjectSecurity SCRAMS analyzes procurement data and microelectronics for supply chain risks. In 2019, we added analysis support for SAP, and circuit board risk analysis as a finalist at an AFWERX Challenge.
- Security policy automation: ObjectSecurity OpenPMF offers powerful yet manageable technical security policy implementation. In 2019, we improved user and dev experience, and increased the reach of our consistent “umbrella” platform – covering people, process, tech layers, and policies (ABAC & more). ObjectSecurity was selected “Cool Vendor” by Gartner for OpenPMF.