Scribe Security Launches Evidence-Based Security Trust HubScribe Security Launches Evidence-Based Security Trust Hub
Security, DevSecOps, and DevOps teams can now build transparent trust in the software they deliver or use.
October 24, 2022
TEL AVIV, Israel, Oct. 24, 2022 /PRNewswire/ — Scribe Security announced today the launch of its unique evidence-based security trust hub, offering for the first time true end-to-end software supply chain security.
In recent years, software supply chains — both open-source and proprietary CI/CD pipelines — have become more attack-prone than ever before. In 2022, Gartner listed digital supply chains as a top trend to watch and a major rising attack surface. That puts the integrity of organizations' code, customers, and brand reputation at risk. Even one bad software component or a security gap in the CI/CD that may lead to malicious access to the development environment can be enough.
Security professionals, software engineers, and DevOps teams are challenged with building transparent, evidence-based trust in the software they use or deliver. Scribe Security took the lead and became the first vendor to introduce the concept of one, consolidated hub for security evidence for software products, launching a friendly and easy-to-use platform.
Unlike other software supply chain security solutions, Scribe's evidence-based security hub supports a workflow for sharing software bill of materials (SBOMs), along with other security aspects of software, across or within enterprises, making software products' security transparent to customers, buyers, and security teams.
"SBOM is a best practice that is expected to become widely required and used to mitigate software supply chain risks. With that in mind, we decided to be the pioneers and launch a simple-to-use platform that serves as a hub for a plethora of security evidence for software products," said Rubi Arbel, Scribe Security Co-founder, and CEO. "Scribe's platform offers a complete self-serve experience. It is easy to implement and use, as it is plugin and CLI-based. And finally, you can start with a freemium, no strings attached."
Scribe continuously attests to the software's trustworthiness, so stakeholders can:
Ensure a secure development process
Build and enforce SDLC processes
Validate that the code is tamper-free
Gauge compliance to software supply chain standards such as SSDF and SLSA
"Validating software integrity is challenging," said Danny Nebenzahl, Scribe Security Co-founder, and CTO. "Today, we introduce to the market a novel technology that offers a holistic solution for continuous and evidence-based assurance of software components and artifacts as well as CI/CD processes. We make sure that the entire software supply chain is not tampered with. With the Scribe platform, teams can generate, manage and share SBOMs, validate integrity, and track vulnerabilities of their containers, dependencies, and pipelines."
Scribe platform key features:
Automatically generate, and manage SBOMs and security insights
Validate the code integrity and provenance
Track vulnerabilities in the containers, dependencies, and pipelines
Detect code tampering
Continuously demonstrate compliance with supply chain regulations and best practices
Selectively share all this, in a controlled manner, with stakeholders internally across organizations
About Scribe Security
Scribe Security was founded by cyber security and cryptography veterans on a mission to build and provide innovative end-to-end software supply chain security solutions.
We applied our expertise to create a novel platform that leverages leading concepts and frameworks to deliver uncompromising security to code artifacts, from production to delivery throughout the entire software lifecycle. For more information: https://scribesecurity.com/
SOURCE: Scribe Security
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks