BlackBerry Jarvis becomes one of the first software composition analysis tools to provide turnkey cyber security assurance in compliance with President Joe Biden’s cyber security executive order.
BlackBerry Limited has introduced a new feature of BlackBerry Jarvis, the company’s software composition analysis tool, which enables those doing business with the US Federal government to comply with the recent software bill of materials (SBOM) requirement from President Biden’s Executive Order on Improving the Nation’s Cybersecurity.
Executive Order 14028 requires any vendor, supplier, or provider of technology solutions to the US government to provide a full SBOM and demonstrate other cyber security management measures to ensure that any security vulnerabilities in the software supply chain of the nation’s critical infrastructure are identified and remediated immediately.
In response to the new standard, BlackBerry QNX has added a specific capability to BlackBerry Jarvis that enables users to efficiently generate a comprehensive SBOM report that follows the Software Package Data Exchange (SPDX) report standard, one of the standards to support the US government and other regulatory bodies.
Available in early 2022, BlackBerry Jarvis will become one of the first software composition analysis tools to provide this key feature to embedded software developers whose products are used by the Federal government. This is designed to empower these developers to keep software secure from all known issues based on the speedy and actionable intelligence provided by the tool.
According to Adam Boulton, chief technology officer at BlackBerry Technology Solutions, as multiple government and vertical-specific safety and security standards emerges, the need to have confidence in one's codebase has taken on a new level of importance.
"Particularly during a time in which multiple cyber security attacks have illustrated vulnerabilities present within the digital infrastructure of the US Federal government," Boulton said.
"BlackBerry Jarvis enables embedded software developers to demonstrate compliance, track software quality metrics and continuously harden their system so that it becomes more resilient to increasingly cunning attacks.
"With BlackBerry Jarvis’ new ability to generate an SBOM report in the US government’s mandated format, it’s now become an even more invaluable tool to procurement officers tasked with managing the nation’s cyber security and software supply chain risk," Boulton concluded.
Hiten Shah, senior analyst at Frost & Sullivan, added that BlackBerry Jarvis meets the needs of the embedded software industry, allowing developers to gain deep visibility into the provenance of their software while automating the key steps in the binary scanning process in order to produce an SBOM.
"Complying with this specific requirement in Biden’s cyber security executive order is something which policymakers around the globe will no doubt roll out with ever more frequency in the face of a threat landscape that only seems to be growing in scale and complexity."
"To that end, BlackBerry Jarvis helps OEMs bring trust, transparency and above all – peace of mind – into their software supply chains," Shah said.