Exclusive: Manifest Cyber raises $6M, unveils new government contracts
A software transparency startup has landed two key government contracts and closed a $6 million seed round to help agencies and critical infrastructure organizations understand what's in the software they run.
Why it matters: Few organizations understand what components or open source programs are running in the software they use, making it difficult to know what security flaws actually affect them.
- The Biden administration has been pushing agencies and critical infrastructure in recent years to invest in what's known as a software bill of materials (SBOM) that acts as an ingredients list for their tech stacks.
Driving the news: Manifest Cyber — a one-year-old startup founded by former Pentagon and Palantir employees — unveiled two contracts on Thursday with the Department of Homeland Security and the Air Force that will help federal agencies and the military figure out how to properly maintain their new SBOMs.
- Under the DHS contract, Manifest will help develop tools for federal agencies to read, update and study the SBOMs they create.
- As part of the Air Force contract, Manifest is partnering with Tufts University's Fletcher School to study the Air Force's current software stack and research new tools Manifest might need to develop to help the military branch maintain its own SBOMs.
The big picture: Manifest specializes in helping organizations update and scan generated SBOMs.
- While it doesn't take much effort to create an initial SBOM, SBOMs do require routine maintenance as new security vulnerabilities are discovered and malicious hackers start exploiting those flaws.
- "When we looked around, we saw that there wasn't really anybody who is handling the end-to-end lifecycle of an SBOM," Marc Frankel, co-founder and CEO of Manifest, told Axios.
Between the lines: Manifest also announced it closed a $6 million seed round led by First Round Capital to help build out the company so it can carry out these new contracts and continue to bring in more customers.
- Manifest also works with companies across the private sector, including healthcare, aerospace and defense contractors.
What's next: Manifest's DHS contract covers only the first phase of a four-year project, although it's possible Manifest could be brought on for other parts of the project.
- Meanwhile, the Air Force contract is for three months of research, after which Manifest and Tufts will submit a proposal for review to determine whether the duo can pursue their findings.
Editor’s note: This story has been corrected to say that Manifest Cyber was co-founded by former Pentagon employees (not former NSA employees).