Date: 03/06/2024

Vendor: Dark Sky Technology

Technology/Topic: Software Assurance and Intelligence for Measuring Trust in Open-Source Software            

URL: https://www.darkskytechnology.com

TEM Video (milTube): https://www.milsuite.mil/video/watch/video/68042

______________________________________________

Welcome to the Technical Exchange Meeting (TEM)!

Dark Sky Technology is securing the world of software that powers our nations’ most critical systems, devices, and applications by identifying threats, untrusted code, malicious contributors, and cyber attacks in open-source software. Our platform, Bulletproof Trust, is a scalable software assurance and intelligence tool that measures the trustworthiness of open-source packages AND their contributors. It scours nearly 500 sources of online intelligence to assess the health and status of open-source packages and their dependencies and to identify malicious, criminal, or sanctioned contributors to them. These advanced analytics on open-source packages protect the software supply chain and enable our customers to deploy secure, reliable, trusted software with confidence.

Bulletproof Trust is a TRL9 (fielded) product that can be used as a hosted (SaaS) service or deployed on-prem in closed or classified environments. Customers can leverage Bulletproof Trust’s web interface to manage API keys, manage and assess SBOMs, and visualize risks and trust information on open-source software packages. They can also integrate Bulletproof Trust into their CI/CD pipeline by accessing the raw information through the provided API.

Throughout its use by Government and DoD customers, Bulletproof Trust has analyzed millions of contributors and just as many open-source software packages. During this time, we have uncovered packages with contributions from State Department and DoD restricted entities lists, contributions from Russian companies masquerading as American companies, and packages with known vulnerabilities, malware, and support and maintenance issues. We are happy to share this capability and these findings with your organization through a presentation, live demonstration, and discussion.  

______________________________________________

To join the DISA TEM mailing list, please contact: disa.tem@mail.mil

______________________________________________

Disclaimer:

— TEMs do not serve as a marketing venue or request for proposal actions.

— TEMs shall not be interpreted as a commitment by the Government to issue a solicitation or ultimately award a contract.

— TEMs do not serve as an endorsement of any presented technologies or capabilities.

— Presentations will not be considered as proposals nor will any awards be made as a result of a TEM session.

— TEMs are public open forums – no proprietary or sensitive information should be presented during TEM sessions. Only publicly-facing content is permissible in DISA TEM sessions.  
