SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image
RKVST takes part in Tokyo hackathon, showcases capabilities
Wed, 29th Mar 2023

RKVST has participated in the Internet Engineering Task Force (IETF) 116 Hackathon that took place earlier this week in Japan.

The IETF 116 Hackathon took place on March 25 and 26 in Yokohama, Japan and sought to exercise and inform the draft standards from the IETF Supply Chain Integrity, Transparency and Trust (SCITT) Working Group.

Supply chain risk, specifically the significant threats that supply chain attacks pose to organisations, is a primary focus in the wake of the Kaseya ransomware attack and the SUNBURST attack, which saw the likes of SolarWinds, VMware and others affected.

Vendors need the ability to ascertain whether products and all their components meet the security, reliability, privacy and sustainability necessary to protect a modern business.

The IETF SCITT Working Group is developing specifications that make entities in the current complex supply chain landscape transparent and accountable for their actions, which intends to strengthen supply chain security.

The new SCITT Community works alongside the Working Group, aiming to boost the number of companies adopting and developing these specifications through collaborating with them and implementing these specs in real-world situations.

This community comprises representatives from Fraunhofer, mesur.io, Microsoft and RKVST, among others.

RKVST’s Provenance-as-a-Service offering was used as the back end to an open source SCITT API Emulator at the hackathon.

The emulator is designed to be a standard client that reflects the draft SCITT architecture specification.

SCITT Community members worked together to create the emulator, testing and proving how technically practical and commercially interoperable it would be for consumers.

This SCITT emulator, as well as an open source View COSE tool, gave participants at the IETF 116 Hackathon the chance to take a hands-on approach in experimenting with the draft standards.

In addition, the event also offered the chance for Working Group members, developers and subject matter experts to talk about the IETF SCITT specifications, who worked together to refine them.

“Right now, it’s challenging to manage the ongoing compliance of products and services against requirements across global end-to-end supply/value chains, the root causes being; insufficient standards for verifying identities of parties, tamper-proof and independently verifiable data stores; lack of legally meaningful and persistent supply/value chain data; and the absence of globally interoperable transparency services and trusted service discovery,” says Jon Geater, Chief Product Officer, RKVST.

“The IETF SCITT Working Group aims to address these challenges with a set of specifications that will, over time, become standards - enabling multiple projects, products and services to interoperate.

“With this hackathon and other practical activities, we are investing in driving forward understanding and helping to accelerate the development of those standards for the benefit of all.”