Are you getting ready for the upcoming Black Hat USA 2024 event? Now in its
27th year, Black Hat is an internationally recognized cybersecurity event
providing the most technical and relevant information security research. The
event is quickly approaching, taking place August 3-8, 2024, returning
to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day
program.
Ahead of the show, VMblog received an exclusive interview with Javed Hasan, CEO of
Lineaje, a leader in continuous software supply chain security management. Make sure to add them to your
MUST SEE list.
VMblog: Before we get into it, can you give us
a quick overview of the company? What
should folks know?
Javed Hasan: Of
course. Lineaje is a leader and pioneering force in the continuous software
supply chain security management space. Our company provides a comprehensive
governance platform via four integrated products (SBOM360,
SBOM360 Hub, Open Source
Manager, and Third Party
Risk Manager) for companies that source, build, buy, or
use software. Our goal is to empower
organizations to secure their software by mitigating risks and maintaining
compliance with today's latest software mandates.
VMblog:
Black Hat is known for its energetic and interactive booths. What unique
experiences or demonstrations do you have planned to engage attendees at your
booth? What will you be showing off at the show this year?
Hasan: While
company representatives will be available at Startup City, Booth SC212 for
briefings and demos, the real excitement for us at Black Hat will be our
inaugural Software Supply Chain Security Summit on Tuesday, Aug. 6 at the Wynn Hotel.
The
Software Supply Chain Security Summit will feature panels and presentations
with industry experts from companies like Fannie Mae, Mitre, Traceable,
Exabeam, and Trellix discussing how to navigate today's software vulnerability
landscape, open-source trends, pain points, regulations, and more. Attendees
can come and go as they please, and it will conclude with an opportunity to
network with cocktails and snacks in the evening.
VMblog: Is this your first time sponsoring
Black Hat? If not, how many times have
you sponsored before? And, what keeps
you coming back?
Hasan: It is
Lineaje's second time sponsoring Black Hat.
Software
supply chain security is the No. 1 priority on today's security professionals'
minds. Black Hat presents a unique opportunity to bring the best of the best in
security together to dissect the threats to the software supply chain.
VMblog:
What is your message to Black Hat attendees coming out to the show this
year? If they take back one message about your company, what should it be?
Hasan: The
time to maintain and protect your software supply chain is now. Your company
simply can't afford to be a sitting duck waiting for an attack or to be doled a
significant fine for failing to comply with software regulations. Let Lineaje
aid your team with the industry's only holistic, comprehensive software supply
chain management and security solution.
VMblog:
Black Hat attendees are known for being security professionals at the
forefront of the industry. What specific challenges do you anticipate they'll
be facing, and how will your solutions help them overcome those challenges?
Hasan: We all
just watched the world completely halt with the recent CrowdStrike outage.
While not caused by a cyberattack, the incident exposed critical flaws in the
interconnected software world that we live in and taught us three extremely
important lessons:
- The software that you build has a direct runtime dependency on
the software you do not build.
- Any software that you buy and its "independent updates" have a
significant impact on your organization.
- Your company's application dependency chain includes the software
that you build, source, and buy.
Combined
with the fact that over three-quarters of today's software
supply chains were exposed to attacks in the last 12 months, security
professionals have software supply chain security and management at the top of
their minds.
The
crux of these problems boils down to visibility into the deepest software
dependencies. Lineaje can help because it is the only company that can
accurately discover the complete software supply chain, assess its inherent
risks and classify them according to levels of impact, and then provide
intelligent recommendations on what to fix first. Because we're the only
company that can detect code tampering across the entire software ecosystem -
from source code, binaries, images, APKs, etc. - security professionals can
have true peace of mind (even with open-source software).
VMblog:
What are some of the key takeaways of your solution that Black Hat
attendees should be aware of?
Hasan: As I
mentioned before, Lineaje has four integrated products. Here are the key
takeaways for each:
- SBOM360 (Build Better Software) - SBOM360 is the industry's first software bills
of materials (SBOM) manager that supports the full life-cycle management of
large software factories, and efficiently manages thousands of SBOMs for all
software you source, build, sell/deploy, or buy.
- SBOM360 Hub (Sell Better Software) - SBOM360 Hub is the industry's first SBOM
repository that connects software producers, consumers, and sellers to enable
them to publish, share, and use compliant SBOMs and related compliance
artifacts.
- Open-Source Manager (Source Better Software) - Open-Source Manager is a
comprehensive, first-of-its-kind solution that brings transparency to
open-source software components in applications to manage and mitigate
associated risks.
- Third-Party Risk Manager (Buy Better Software) - Our Third-Party Risk
Manager assesses security risks in every software an organization buys and
automatically detects any security policy violations.
We
have Lineaje AI embedded in each of our four products. With BOMbots with
Lineaje AI, organizations can analyze deep SBOMs and receive optimized
recommendations and remediations across the entire supply chain, reducing
software maintenance by 40% and cutting upgrade costs by the same amount.
VMblog:
The market is a crowded space.
What is it about your company and technology that sets you apart from
the competition? What are your
differentiators?
Hasan: The
sheer breadth and depth of Lineaje's solution differentiates us from each of
our competitors. While multiple companies offer single features of software
supply chain management, governance, and security such as dependency
management, open-source reputation, attestation, SBOM publishing, etc. - not
one can do all (except for Lineaje).
VMblog:
Is your company launching anything new at the show? Without giving too much away, can you give us
a sneak peek?
Hasan: While
we are not launching any new products or features at the show, we will just be
coming off of announcing our Series A funding. The
$20 million investment was led by Prosperity7 Ventures,
Neotribe,
and Hitachi Ventures,
alongside existing investor Tenable Ventures.
We also received participation from Carahsoft,
the world's largest software distributor serving the U.S. Government, Wipro
Ventures, Secure Octane Investments,
J-Ventures and Alumni Ventures,
and other top cybersecurity leaders.
It's a
very exciting time for our company. We are planning to use the funds to
accelerate our customer acquisition, fortify our AI-powered platform, expand
our BOMbots insights, and more.
VMblog:
What are some of the top priorities security leaders should be
considering for 2024?
Hasan: Security
teams are laser-focused on preventing attacks on AI software once it is
deployed, but I would advise them to take a step back. To truly protect AI
applications, and the entire software ecosystem as a result, it is critical
that both developers and security teams know the creators of AI models along
with any potential bias to avoid gaps in security posture. I suspect that few
security professionals have contemplated the role that the lineage of AI,
especially if it contains open-source software components, plays in protecting
the software supply chain.
VMblog:
Looking ahead, what excites you most about the future of cybersecurity,
and how do you see your company playing a role in shaping it?
Hasan: Software
is the lifeline of today's modern organization, and we're excited to see how it
evolves over the next few years. We're in the manifest destiny era of digital
transformation. With continual advancements in AI, it will be incredible to see
what security professionals can do to make a safer digital world. Lineaje is
proud to be a pioneer in the space and looks forward to continuing to be the
go-to source for knowledge on software supply chain security, governance, and
management.
VMblog:
Beyond your specific offerings, what valuable cybersecurity knowledge or
insights can you share with Black Hat attendees visiting your booth?
Hasan: On our
LinkedIn page, the Lineaje AI Labs
team regularly shares what we call our "Chart of the Week." The Chart of the Week includes the latest
research on all things that security professionals need to know about the
latest threats, vulnerabilities, and attack methods in the software supply
chain. For anyone interested, our Lineaje AI Labs members would be happy to
chat about the latest research we're working on.