TEL AVIV, Israel, Sept. 29, 2022 / — With USD 34M in funding from Evolution Equity Partners, Team8, and M12, Microsoft’s venture fund, with support from Rain Capital, Ox Security, the end-to-end software supply chain security platform for DevSecOps, came out of stealth. Neatsun Ziv and Lior Arzi, two prominent Check Point executives, formed OX less than a year ago. Kaltura and Bloomreach are just two of the notable businesses that already use this platform to protect their software supply chains.
The executive order mandating that suppliers furnish a software bill of materials (SBOM) was issued last year in response to the growth in software supply chain breaches such as the SolarWinds hack. This inventory of software “ingredients” can help security teams determine whether a newly disclosed vulnerability affects them. Industry experts warn, however, that it is not thorough enough to stop attacks or to solve the difficulties of safeguarding today’s dynamic software supply chains.
According to Admiral Mike Rogers, a former director of the NSA:
“The adoption of SBOM is a key step, but it isn’t adequate to maintain the security and integrity of software supply chains. With the static list of software components in an SBOM, recent high-profile breaches, such as those that compromised SolarWinds, Codecov, and Log4j, could not have been found or stopped. By requiring conformity with a standard that has nothing to do with security, there is a significant danger of giving people a false sense of security.”
Together with leading security-conscious businesses, OX is creating a new open standard called the Pipeline Bill of Materials (PBOM) to address these problems. The PBOM includes the SBOM but goes further, covering not only the code in the finished product but also the practices and processes that affected the software during its development. OX and its partners closely investigated more than 70 attacks from the previous year, and the PBOM was designed specifically to include the data that would have been needed to foil each of them.
According to Neatsun Ziv, CEO and co-founder of OX:
“Developers and DevOps make regular modifications to the software supply chain, introducing new tools, open source components, and SaaS services.” The OX platform provides real-time, end-to-end visibility into every factor that affects software across the entire pipeline, giving DevSecOps teams the context and control they need to ensure security.
More about the startup:
To automatically generate a complete map of assets, applications, and pipelines, OX connects to an organisation’s code repositories and scans the environment from code to cloud. OX identifies the security tools in use, confirms that they are all connected and functional, and determines whether additional tools are required. After the scan, OX surfaces the security issues it discovered, prioritised by business impact, together with context, automated fixes, and recommendations.
This gives DevSecOps teams what they need to work through their security backlog. A PBOM, which can be generated automatically and shared with internal stakeholders or customers, can include an SBOM, version lineage, a SaaSBOM, build hashes, and more, allowing its recipients to confirm that the software is derived from trusted, secure builds.