So what’s a software bill of materials (SBOM)? The simplest way to think of it is as an ingredients label: it tells anyone using a software product which underlying software components (especially open source pieces) it is built from. Without an SBOM, you’re flying blind as to the security and performance risks in a tech stack. That’s why both the public and private sectors are pushing for standardization and availability of this data. Enter Manifest.
Manifest allows organizations to generate, collect, and operationalize software bills of materials (SBOMs) to gain insight into the hidden risks in their software, respond faster to vulnerabilities, and procure more secure products. The company recently announced Department of Homeland Security and Air Force contracts, among a number of other commercial customers. Alongside these new relationships is a $6 million seed round, which we were thrilled to participate in (thanks to our friend and co-investor Ross Fubini for the introduction).
As the Manifest team writes,
Software supply chain vulnerabilities are escalating rapidly. Software supply chain attacks have grown 300% since 2020, and an astonishing 62% of enterprises say they were hit with software supply chain attacks in 2021. Cybersecurity is often referred to as the “horizontal vertical,” touching every industry and every enterprise. The problem of understanding what’s in the software we build and buy is something that has been overlooked for too long, and in recent years, headline-making and business-disrupting cybersecurity vulnerabilities such as Log4Shell, SolarWinds, and Apache Struts have brought it front and center.
If Manifest’s mission sounds exciting to you, they are hiring!