

© Ploughshare Innovations Ltd 2025. Registered in England and Wales No. 04401901



To overcome the growing risk of software system supply chains being infiltrated, a new technology enables system providers to be assured of the security, integrity, and provenance of their software components, even when sourced from a wide range of suppliers.
As software systems become increasingly complex – involving hundreds or even thousands of components from multiple suppliers – the challenge of protecting the supply chain from infiltration grows with them, bringing a significant increase in risk and cost.
The cost of these infiltrations by adversaries is predicted to reach nearly $138bn by 2031 (2023 Software Supply Chain Attack Report). These infiltrations are already happening – in one example (SolarWinds 2020), a supply chain infiltration resulted in over 18,000 customers installing malicious code as part of an automatic update, which enabled the attackers to access the customers’ systems.
It was essential to find an effective solution to protect customers, cost, and business reputation.
Developed by Dstl, a new technology provides continuous assurance of the provenance of the software components within a system, and assurance that the supply chain integrity has not been compromised.
The technology has been built by following, and expanding the scope of, the Zero Trust Principles, so that the integrity of every artefact (e.g. software and documentation) is validated every time it is used. This technology also utilises the Data Centric Security (DCS) approach, which ensures that each artefact’s provenance is cryptographically secured (encrypted).
By combining these two principles, this technology ensures that compromised software is detected and both the point of entry (e.g. a software vulnerability) and its provenance can be traced to an individual supplier. This system is modular, and provides an unprecedented level of visibility and assurance, even across the most complex supply chains.
To date, a minimum viable product of this technology has been built.
This technology has broad applicability across multiple market sectors and user groups.
For MOD – where systems can be made up of hundreds or even thousands of artefacts, and consequently require a large number of suppliers – this technology can provide a secure development environment that gives assurance of the overall system and builds trust between suppliers. The modular nature of the technology supports its deployment across large-scale environments.
For software system developers managing their own development environments, this approach gives assurance of the many artefacts across the system, and a level of confidence that they have not been compromised by an attacker. This enables them to give their customers some assurance about the security and resilience of the software supply chain, and that it has not been compromised.
For systems integrators, who are bringing together software components from multiple suppliers, this approach provides assurance of the integrity of a supply chain, which they may have little or no visibility into. This also enables that assurance of supply chain integrity to be passed on to their customers.
If you would like to discuss this technology or collaboration opportunities with our team, please get in touch below.