Manifest: SBOM for the World’s Mission-Critical Organizations

Tremendously large companies are built around macro shifts in markets. These can be shifts in consumer behavior, technology advancements that are indistinguishable from magic, and even regulatory change. In the case of Manifest, founded by Marc Frankel and Daniel Bardenstein, the company is rooted in two of those changes – a regulatory shift requiring the United States government to secure its software, and the need to respond more rapidly to security issues in open-source enterprise software. 

From their time at the Pentagon and Palantir, the team felt the lived pain of lost revenue, lost time, and havoc caused by trying to trace the source of a cyber security breach back to a specific software component. For those in the know: Log4j. Since 2020, supply chain attacks have rapidly become commonplace, and yet Marc and Daniel were consistently left without a system to check their software inventory in the event of a future attack. 

Here at XYZ, we are always excited when thoughtful regulation and government support can accelerate a macro wave of change for enterprises. In May of 2021, the Biden Administration released Executive Order 14028, citing cyber security breaches as a top concern for national security. “The development of commercial software often lacks transparency, sufficient focus on the ability of the software to resist attack, and adequate controls to prevent tampering by malicious actors…Accordingly, the Federal Government must take action to rapidly improve the security and integrity of the software supply chain, with a priority on addressing critical software.” From then on, the government required that guidance be issued which: 

  • Provides a “purchaser a Software Bill of Materials (SBOM) for each product directly or by publishing it on a public website”

  • Participates in “a vulnerability disclosure program that includes a reporting and disclosure process”

  • Attests to the conformity, integrity, and provenance of open-source software within any portion of a product

  • Publishes minimum elements for an SBOM  

SBOMs are the technology equivalent of a nutrition facts label for food: a formal record that details the supply chain relationships of the components used in building a piece of software. Marc and Daniel realized that while tools existed to produce SBOMs, there were no comparably strong tools to consume them. By managing SBOM workflows, Manifest is securing the software supply chain for the world's mission-critical organizations and enabling enterprises to uncover third-party risk, respond to vulnerabilities smarter and faster, and buy more secure tech through increased transparency.
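To make the "consuming an SBOM" point concrete, here is an added example (not Manifest's code, and not from the original post) of the Log4j-style inventory question a security team asks during an incident: does our product ship a given component in an affected version range, and through which dependencies does it get there? The SBOM is a constructed CycloneDX 1.4 JSON document; the product, service and version numbers in it are invented, while the field names (bomFormat, metadata.component, components, dependencies with ref/dependsOn) follow the real CycloneDX JSON schema.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample SBOM in CycloneDX 1.4 JSON form. The product, service and
# version numbers are invented for this example; only the field names follow
# the CycloneDX JSON schema.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {
        "component": {
            "bom-ref": "pkg:maven/example/ticketing-app@3.2.0",
            "name": "ticketing-app",
            "version": "3.2.0",
        }
    },
    "components": [
        {"bom-ref": "pkg:maven/example/report-service@1.4.1",
         "name": "report-service", "version": "1.4.1"},
        {"bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
         "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1"},
        {"bom-ref": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0",
         "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.13.0"},
    ],
    "dependencies": [
        {"ref": "pkg:maven/example/ticketing-app@3.2.0",
         "dependsOn": ["pkg:maven/example/report-service@1.4.1",
                       "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0"]},
        {"ref": "pkg:maven/example/report-service@1.4.1",
         "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"]},
    ],
})


def load_sbom(text: str) -> dict:
    """Parse a CycloneDX JSON document and reject anything else."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    return doc


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.14.1' into (2, 14, 1); non-numeric parts count as 0."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def component_index(sbom: dict) -> Dict[str, dict]:
    """Map every bom-ref (root product included) to its component record."""
    index: Dict[str, dict] = {}
    root = sbom.get("metadata", {}).get("component")
    if root:
        index[root["bom-ref"]] = root
    for c in sbom.get("components", []):
        index[c["bom-ref"]] = c
    return index


def dependency_paths(sbom: dict, target_ref: str) -> List[List[str]]:
    """All paths from the root product to target_ref through the dependencies
    graph (depth-first; the 'child not in path' guard stops cycles)."""
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    paths: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == target_ref:
            paths.append(path)
            return
        for child in edges.get(node, []):
            if child not in path:
                walk(child, path + [child])

    walk(root, [root])
    return paths


def inventory_check(sbom_text: str, name: str, lo: str, hi: str) -> List[Tuple[str, List[str]]]:
    """Answer 'do we ship <name> in the affected range [lo, hi], and via which
    components?'. Returns one (version, path of component names) entry per
    reachable affected occurrence; an empty list means not exposed."""
    sbom = load_sbom(sbom_text)
    index = component_index(sbom)
    lo_t, hi_t = parse_version(lo), parse_version(hi)
    hits = []
    for ref, comp in index.items():
        if comp.get("name") != name:
            continue
        if not (lo_t <= parse_version(comp.get("version", "0")) <= hi_t):
            continue
        for path in dependency_paths(sbom, ref):
            hits.append((comp["version"], [index[r]["name"] for r in path]))
    return hits


if __name__ == "__main__":
    for version, path in inventory_check(SAMPLE_SBOM, "log4j-core", "2.0", "2.14.1"):
        print(f"log4j-core {version} reachable via: {' -> '.join(path)}")
```

The dependency path is the part a plain component list cannot give you: it tells the responder which first-party service actually pulls in the affected library, which is what decides who patches what. Real advisories express affected ranges more precisely than a numeric lo/hi pair, so a production consumer would use a proper version-range library rather than parse_version.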

By deploying Manifest, customers gain value across the organization as they manage their product development and vendors. Procurement teams can manage vendors more easily. Security teams gain visibility into software vulnerabilities, allowing them to respond more rapidly to threats. Developers save time by building better software and spending less time manually generating and managing SBOMs. 

Since we invested in Manifest’s pre-seed round in the spring of 2022, the company has executed DHS and Air Force contracts and signed commercial customers across the healthcare, aerospace, and defense industries. We were excited to lead their pre-seed and even more keen to bring in our close friends at First Round Capital to lead Manifest’s $4.5M Seed Round to continue this capital partnership.  


You can learn more about Manifest here and check out their latest career opportunities.  
