//Software Supply Chain Risk Assessment (C-SCRM) Patent Issued to Reliable Energy Analytics (REA™)

Software Supply Chain Risk Assessment (C-SCRM) Patent Issued to Reliable Energy Analytics (REA™)

SAG Logo

REA is pleased to announce it has been assigned patent number, 11,374,961, with an issuance date of June 28, 2022 for its Software Assurance Guardian (SAG™)

We are actively in discussions with larger, better resourced organizations with an interest in taking the SAG patent and the SAG-PM software product to the next level.”
— Joanne Brooks, REA Co-Founder
WESTFIELD, MA, USA, June 8, 2022 /EINPresswire.com/ -- Today, REA is pleased to announce it has been assigned patent number, 11,374,961, with an effective issuance date of June 28, 2022 for its Software Assurance Guardian (SAG™) METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY for software products and the software supply chain (C-SCRM). REA was motivated to develop this patented technology to assess risk and trust in a software supply chain starting in November, 2018 after the Federal Energy Regulatory Commission (FERC) issued Order 850, “Supply Chain Risk Management Reliability Standards” [18CFR40] to protect the bulk electric grid from software supply chain risks.

The SAG patent describes seven steps containing detailed, technical practices and processes that are designed to help a software consumer determine the trustworthiness of a software object and its entire supply chain, expressed as a statistically calculated SAGScore™, to make a risked based decision prior to procurement and installation of a software product, to proactively detect and prevent a cyber-attack. Evidence data is collected in thirteen separate files, as proof that cybersecurity controls are implemented and effective, for audit purposes. These patented SAG™ methods have been implemented in REA’s flagship software risk assessment product, the Software Assurance Guardian Point Man™ (SAG-PM™), which was first announced in April 2021, and now stands at version 1.1.8. Now, software consumers can reliably and consistently assess the trustworthiness of a software product and its entire supply chain using patented methods that apply best practices within each of the seven SAG risk assessment steps resulting in a trustworthiness SAGScore™.

SAG-PM™ was created to provide affordable and effective software supply chain cybersecurity protections to small and medium businesses (SMB) operators of critical infrastructure that may lack cybersecurity skills on staff. SAG-PM™ implements best practices following Cyber Supply Chain Risk Management (C-SCRM) guidelines provided by the National Institute for Standards and Technology (NIST) in SP 800-161r1. SAG-PM has evolved to satisfy requirements of NERC CIP and the Cybersecurity Executive Order issued on May 12, 2021 (# 14028) following NIST’s implementation guidelines for Software Bill of Materials (SBOM) and Vulnerability Disclosure Reports (VDR) issued on 5/5/2022, required to meet the Executive Order, ref: NIST RECOMMENDATIONS. A VDR is an attestation by a software vendor that they have checked each component of a software product in an SBOM for vulnerabilities and reports on the vulnerability status of each component, for a software product. A VDR is dynamically updated and maintained by the software vendor in order to answer the consumer question at any point in time, "What is the vulnerability status of a Software Product, NOW?"

Joanne Brooks, REA Co-Founder and Chief Operating Officer stated, “REA is a small, but highly skilled software engineering firm that aims to achieve broad market adoption of SAG-PM™ and the patented SAG methods™ by small and medium businesses. We are actively in discussions with larger, better resourced organizations with an interest in taking the SAG patent and the SAG-PM software product to the next level.”

Dick Brooks, REA Co-Founder and Chief Technical Officer stated, “The SAG-PM™ product has been designed as an all-in-one software supply chain risk assessment solution for small and medium businesses using a modular architecture. This enables REA software engineers to design, develop and apply the very best technical solutions within each of the seven steps in the patented process, and the SAGScore™ calculation in order to ensure that our customers have the best, and most current, protections available to guard against constantly evolving software supply chain risks and any new Tactics, Techniques and Procedures (TTP’s) that the hacker community introduces.”

Parties interested in learning more about REA and the patented SAG methods and SAG-PM software are encouraged to reach out to REA via its contact form at https://reliableenergyanalytics.com/contact-us

Never trust software always verify and report!™

Dick Brooks
Reliable Energy Analytics LLC
+1 978-696-1788
email us here