Virtualization Technology News and Information
Black Hat USA 2024 Q&A: Lineaje Will Showcase Its Software Supply Chain Security Management Solution


Are you getting ready for the upcoming Black Hat USA 2024 event? Now in its 27th year, Black Hat is an internationally recognized cybersecurity event providing the most technical and relevant information security research. The event is quickly approaching, taking place August 3-8, 2024, returning to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day program.

Ahead of the show, VMblog received an exclusive interview with Javed Hasan, CEO of Lineaje, a leader in continuous software supply chain security management.  Make sure to add them to your MUST SEE list.


VMblog: Before we get into it, can you give us a quick overview of the company?  What should folks know?

Javed Hasan:  Of course. Lineaje is a leader and pioneering force in the continuous software supply chain security management space. Our company provides a comprehensive governance platform via four integrated products (SBOM360, SBOM360 Hub, Open Source Manager, and Third Party Risk Manager) for companies that source, build, buy, or use software.  Our goal is to empower organizations to secure their software by mitigating risks and maintaining compliance with today's latest software mandates.

VMblog:  Black Hat is known for its energetic and interactive booths. What unique experiences or demonstrations do you have planned to engage attendees at your booth? What will you be showing off at the show this year?

Hasan:  While company representatives will be available at Startup City, Booth SC212 for briefings and demos, the real excitement for us at Black Hat will be our inaugural Software Supply Chain Security Summit on Tuesday, Aug. 6 at the Wynn Hotel.

The Software Supply Chain Security Summit will feature panels and presentations with industry experts from companies like Fannie Mae, Mitre, Traceable, Exabeam, and Trellix discussing how to navigate today's software vulnerability landscape, open-source trends, pain points, regulations, and more. Attendees can come and go as they please, and it will conclude with an opportunity to network with cocktails and snacks in the evening.

VMblog: Is this your first time sponsoring Black Hat?  If not, how many times have you sponsored before?  And, what keeps you coming back?

Hasan:  It is Lineaje's second time sponsoring Black Hat.

Software supply chain security is the No. 1 priority on today's security professionals' minds. Black Hat presents a unique opportunity to bring the best of the best in security together to dissect the threats to the software supply chain.

VMblog:  What is your message to Black Hat attendees coming out to the show this year? If they take back one message about your company, what should it be?

Hasan:  The time to maintain and protect your software supply chain is now. Your company simply can't afford to be a sitting duck waiting for an attack or to be doled a significant fine for failing to comply with software regulations. Let Lineaje aid your team with the industry's only holistic, comprehensive software supply chain management and security solution.

VMblog:  Black Hat attendees are known for being security professionals at the forefront of the industry. What specific challenges do you anticipate they'll be facing, and how will your solutions help them overcome those challenges?

Hasan:  We all just watched the world completely halt with the recent CrowdStrike outage. While not caused by a cyberattack, the incident exposed critical flaws in the interconnected software world that we live in and taught us three extremely important lessons:

  1. The software that you build has a direct runtime dependency on the software you do not build.
  2. Any software that you buy and its "independent updates" have a significant impact on your organization.
  3. Your company's application dependency chain includes the software that you build, source, and buy.

Combined with the fact that over three-quarters of today's software supply chains were exposed to attacks in the last 12 months, security professionals have software supply chain security and management at the top of their minds.

The crux of these problems boils down to visibility into the deepest software dependencies. Lineaje can help because it is the only company that can accurately discover the complete software supply chain, assess its inherent risks and classify them according to levels of impact, and then provide intelligent recommendations on what to fix first. Because we're the only company that can detect code tampering across the entire software ecosystem - from source code, binaries, images, APKs, etc. - security professionals can have true peace of mind (even with open-source software).

VMblog:  What are some of the key takeaways of your solution that Black Hat attendees should be aware of?

Hasan:  As I mentioned before, Lineaje has four integrated products. Here are the key takeaways for each:

  • SBOM360 (Build Better Software) - SBOM360 is the industry's first software bills of materials (SBOM) manager that supports the full life-cycle management of large software factories, and efficiently manages thousands of SBOMs for all software you source, build, sell/deploy, or buy.
  • SBOM360 Hub (Sell Better Software) - SBOM360 Hub is the industry's first SBOM repository that connects software producers, consumers, and sellers to enable them to publish, share, and use compliant SBOMs and related compliance artifacts.
  • Open-Source Manager (Source Better Software) - Open-Source Manager is a comprehensive, first-of-its-kind solution that brings transparency to open-source software components in applications to manage and mitigate associated risks.
  • Third-Party Risk Manager (Buy Better Software) - Our Third-Party Risk Manager assesses security risks in every software an organization buys and automatically detects any security policy violations. 

We have Lineaje AI embedded in each of our four products. With BOMbots with Lineaje AI, organizations can analyze deep SBOMs and receive optimized recommendations and remediations across the entire supply chain, reducing software maintenance by 40% and cutting upgrade costs by the same amount.

VMblog:  The market is a crowded space.  What is it about your company and technology that sets you apart from the competition?  What are your differentiators?

Hasan:  The sheer breadth and depth of Lineaje's solution differentiates us from each of our competitors. While multiple companies offer single features of software supply chain management, governance, and security such as dependency management, open-source reputation, attestation, SBOM publishing, etc. - not one can do all (except for Lineaje).

VMblog:  Is your company launching anything new at the show?  Without giving too much away, can you give us a sneak peek?

Hasan:  While we are not launching any new products or features at the show, we will just be coming off of announcing our Series A funding. The $20 million investment was led by Prosperity7 Ventures, Neotribe, and Hitachi Ventures, alongside existing investor Tenable Ventures. We also received participation from Carahsoft, the world's largest software distributor serving the U.S. Government, Wipro Ventures, Secure Octane Investments, J-Ventures and Alumni Ventures, and other top cybersecurity leaders.

It's a very exciting time for our company. We are planning to use the funds to accelerate our customer acquisition, fortify our AI-powered platform, expand our BOMbots insights, and more.

VMblog:  What are some of the top priorities security leaders should be considering for 2024?

Hasan:  Security teams are laser-focused on preventing attacks on AI software once it is deployed, but I would advise them to take a step back. To truly protect AI applications, and the entire software ecosystem as a result, it is critical that both developers and security teams know the creators of AI models along with any potential bias to avoid gaps in security posture. I suspect that few security professionals have contemplated the role that the lineage of AI, especially if it contains open-source software components, plays in protecting the software supply chain.

VMblog:  Looking ahead, what excites you most about the future of cybersecurity, and how do you see your company playing a role in shaping it?

Hasan:  Software is the lifeline of today's modern organization, and we're excited to see how it evolves over the next few years. We're in the manifest destiny era of digital transformation. With continual advancements in AI, it will be incredible to see what security professionals can do to make a safer digital world. Lineaje is proud to be a pioneer in the space and looks forward to continuing to be the go-to source for knowledge on software supply chain security, governance, and management.

VMblog:  Beyond your specific offerings, what valuable cybersecurity knowledge or insights can you share with Black Hat attendees visiting your booth?

Hasan:  On our LinkedIn page, the Lineaje AI Labs team regularly shares what we call our "Chart of the Week."  The Chart of the Week includes the latest research on all things that security professionals need to know about the latest threats, vulnerabilities, and attack methods in the software supply chain. For anyone interested, our Lineaje AI Labs members would be happy to chat about the latest research we're working on.

##

Published Friday, August 02, 2024 7:30 AM by David Marshall