Cambridge, UK
Jun 21, 2022   |  By RKVST
RKVST SBOM Hub makes it easy to build supply chain transparency with zero trust fabric.
May 5, 2022   |  By Jon Geater
It has been nearly a year since President Biden’s Executive Order 14028 catapulted Software Bills of Materials (SBOMs) from niche topic to the forefront of efforts to improve security of cyber supply chains. Since then not only have federal agencies including NIST and CISA delivered significant amounts of guidance and insight, but SBOMs have been the subject of intense debate across developer communities and beyond.
Mar 24, 2022   |  By RKVST
Guest Blog by Daniel Parmenvik – CEO of bytesafe.dev. For many, Software Bills of Materials (SBOMs) have changed from a manual list of assets for due diligence procedures to become an integral and automated part of software development. The ever-increasing appetite for open-source software translates into a need to keep track of software assets (or open-source dependencies) for all applications, at any given point in time.
Mar 15, 2022   |  By Jon Geater
Today we make RKVST available for public use with a free access tier so you can discover what a Zero Trust Fabric can do for you. From tracking software supply chain lifecycles to nuclear waste, RKVST is a powerful tool that builds trust in multi-party processes, when it’s critical to have high assurance in data for confident decisions. But before going all the way you can start simple: tracking software releases and contents with SBOMs.
Feb 23, 2022   |  By Rob Brown
Since President Biden’s Executive Order last spring, the industry has been racing to define, standardise and now produce SBOMs to describe the hundreds of thousands of software products sold to and used by federal government and beyond. So far, little thought has been given to the management of SBOMs in practice. Finding the right SBOMs for all the software an organisation relies upon can already feel like hunting for needles in haystacks.
Jan 26, 2022   |  By Rob Brown
Jitsuin met Meterian in the NCSC Cyber Runway Accelerator launched in November 2021. What we quickly realized is that automated generation and permissioned sharing of SBOMs would save valuable time in vulnerability discovery and mitigation. So we moved fast to fix things! The integration between Meterian’s Boost Open-Source Software Scanner (BOSS) and Jitsuin’s RKVST SBOM Hub enables software publishers to automatically generate, store and distribute SBOMs in public or private.
Jan 25, 2022   |  By Rob Brown
The whole point of an SBOM is lost if you keep it a secret. Here we reveal our secrets of the ideal SBOM exchange. Let us know if we’ve missed anything in RKVST SBOM Hub. SBOMs are made for sharing and are the gifts that keep on giving, but only if they get to the right place at the right time to drive the right critical decision. The first critical decision, or moment of truth, is whether to buy a vendor’s product.
Dec 15, 2021   |  By Rob Brown
The timing of CISA’s SBOM-a-rama today and tomorrow coincides with the fallout from the “vulnerability of the decade” gifting the industry with yet another example of why scaling and operationalizing the widespread use of SBOMs is so vital. Log4Shell is a 10/10 vulnerability in a hugely popular Java logging library – Log4j – used in virtually every online service. For two decades it was considered harmless, that is until last week when somebody found it wasn’t.
Dec 2, 2021   |  By Rob Brown
Today we’re pleased to announce the RKVST SBOM Hub – the first place to find and fetch SBOMs. RKVST SBOM Hub is a secure, immutable, any-to-any framework that integrates into both publisher and subscriber workflows to massively simplify the effective sharing of SBOMs to help all parties comply with the Executive Order. Try it out for yourself here.
Nov 17, 2021   |  By Rob Brown
The Presidential Executive Order made it clear that the status quo, where the hidden vulnerabilities in cyber supply chains left doors wide open to attackers, can no longer be allowed to persist. It correctly identified transparency as the key principle to build trust and Software Bills of Material as a critical first step of the solution. But while much of the current debate is focused on how to build SBOMs, further and deeper thinking is needed on how to share them.
Feb 23, 2022   |  By RKVST
This video demonstrates how Device Authority privately distribute their SBOM in RKVST while advertising its location on SBOM Hub.
Jan 26, 2022   |  By RKVST
Meterian has integrated SBOM distribution to the RKVST SBOM Hub within the BOSS Scanner, making it easy for developers to put SBOMs to work in their own organisations and for their customers.
Jan 26, 2022   |  By RKVST
Some SBOMs can be shared widely. Many SBOMs will need to be shared in private. RKVST SBOM Hub makes it easy to find and fetch both public and private SBOMs. Private SBOMs can be advertised with a refBOM - but only those with the right permissions can see the full SBOM.
Oct 7, 2021   |  By RKVST
Businesses increasingly use external data to make critical decisions. The wrong data leads to bad decisions that import risk, impair reputation, and imperil revenue. Zero-Trust, Critical Shared Assets, Trustworthy AI – all need instant answers to a common question: Who Did What When? RKVST is the infostructure that unites developers and business users in assuring shared data drives the right critical outcomes.
Oct 7, 2021   |  By RKVST
RKVST is the perfect tool to publish and subscribe to SBOMs. SBOMs need Provenance, Governance and Immutability to build confidence, prove who did what when and meet the Executive Order.
Sep 16, 2021   |  By RKVST
Co-Founder & CTO Jon Geater introduces RKVST and three customer uses: Sharing Software Bill of Materials (SBOM), Sharing Critical Asset Records, and Trustable AI.

RKVST is a service for developers to continuously prove who did what when, which brings confidence in critical business decisions.

RKVST’s Zero Trust Fabric approach empowers enterprises with the benefits of DLT and trustworthy supply chain visibility through a simple agentless API that integrates easily with existing software, systems, and security policies, enabling you to continuously verify then trust data that originates outside your domain of control before making critical decisions.

Key Features:

  • Provenance: Proof of origin and life history. Continuously capture the full lineage and pedigree of assets. Help your users identify the who, what, and when of ownership, maintenance, audits, and change approval for critical assets.
  • Governance: Producers can precisely control information flows to the right users at the right time – inside and outside your organization. Put your business users in control of sharing policies.
  • Immutability: An unbreakable chain of evidence is preserved for all stakeholders. Continuous assurance and reliable access to data enable faster, more confident critical decisions.

If you rely on shared data with your supply chain partners you need a zero trust fabric.