
News Release: DHS S&T Seeks Solutions for Software Artifact Dependency Graph Generation

Release Date: August 16, 2024

FOR IMMEDIATE RELEASE
S&T Public Affairs, 202-286-9047

Solicitation Aims to Enhance the Security, Reliability and Efficiency of the Software People Use Daily

WASHINGTON – The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced a new solicitation seeking Software Artifact Dependency Graph (ADG) Generation capabilities to better understand, manage, and reduce risk to the software that powers cyber and physical infrastructure. Administered by S&T’s Silicon Valley Innovation Program (SVIP) in partnership with DHS’ Cybersecurity and Infrastructure Security Agency (CISA), the solicitation provides selected companies each with up to $1.7 million in non-dilutive funding over four phases to develop and adapt commercial technologies for homeland security use cases.

Software ADGs help identify and track every source code file that is incorporated into a piece of software without any effort from developers. By enabling automatic visibility and verification of what goes into a piece of software, this capability enhances software vulnerability management, ensures safer and more stable applications, and ultimately helps reduce the risk of cyberattacks that can compromise personal data and privacy.

Software ADGs are intrinsic identifiers that are unique to a software component’s contents. They can provide actionable information regarding the dependencies the software incorporates, which increases transparency in software composition and provides standard, machine-readable decision support at an enterprise scale.

“The challenge to accurately and reliably identify software is as old as software itself,” said Aeva Black, CISA's Section Chief for Open Source Software Security. “Scaling artifact dependency graph generation will improve open source ecosystems’ secure by design practices and empower network defenders to more easily and more accurately respond to emerging vulnerabilities.”

“Through this partnership with startups working with the open source software community, we hope to advance public progress toward greater visibility and transparency of the global software supply chain,” said Melissa Oh, SVIP Managing Director. “By incorporating these open source foundational capabilities into value-added products and services, we’re both mitigating software vulnerabilities and baking in security.”

This solicitation seeks foundational open source capabilities for compiled languages, interpreted languages and packaging systems, as well as value-added services that utilize the foundational capabilities to accelerate progress in the domains of software composition analysis and vulnerability management to complement and enhance existing approaches to software identification.

The deadline for submitting applications for the solicitation is 3:00 PM ET on December 16, 2024.

Additionally, an Industry Day for interested applicants to learn about the solicitation will be held both virtually and in person in Menlo Park, CA on October 17, 2024. To register, visit: https://sri-csl.regfox.com/svip-swadg-industry-day.

###

Last Updated: 08/16/2024