Top of List for SEC Cybersecurity Regulation Solutions at Crunchbase
REA is an American company located in Westfield, Massachusetts that is backed by American investors, using American labor to create products.
We engineer software supply chain cyber-risk detection solutions to help companies proactively detect and mitigate CISA Known Exploited Vulnerabilities (KEV) and other software supply chain risks, to prevent cyber-breaches and comply with SEC Cybersecurity Regulations. I'm frequently asked, "What does REA do?" Here is my concise answer.
Over 40 years of software engineering accomplishments, including 14 years designing and developing ISO New England's Business Intelligence and Advanced Analytics and Risk Management platforms and Technical Architecture, provide us with an intimate understanding of effective analytic functions performed by critical infrastructure operators. Our software engineers have a deep understanding of, and experience working with, the following areas:
Providing clients with implementation support for NIST C-SCRM software supply chain risk assessment solutions (SAG-PM™) and the preservation of tamper-proof evidence in SAG-CTR™ to comply with the new SEC cybersecurity rules effective December 23, 2023. SAG-PM™ implements the NIST Cybersecurity Framework V1.1 using Department of Commerce NTIA Software Bill of Materials (SBOM) supported formats CycloneDX and SPDX, following a patented (US11,374,961) 7-step SCRM risk assessment process to comply with SEC Cybersecurity Disclosure Regulations (17 CFR 229.106) and OMB M-22-18 requirements. The SAG-PM™ SCRM application gives software consumers a transparent look into the risks in a software package, including CISA Known Exploited Vulnerabilities (KEV) that represent material cyber-risks to an organization under the new SEC regulations, proactively, prior to any attempt at installation in a company's digital ecosystem. SAG-PM™ is available at a price point attractive to smaller entities with limited cybersecurity budgets and lacking cybersecurity expertise.
REA is a small, highly skilled and proficient software engineering organization that has grown organically since December 2018 under the leadership of Dick and Joanne Brooks, Co-Founders. We pride ourselves on developing high quality, reliable software solutions for the software supply chain risk management domain. Our flagship product SAG-PM™ is the most mature, comprehensive, and complete patented software supply chain risk assessment product on the market implementing a "good faith process" following the NIST Cybersecurity Framework (CSF) and C-SCRM standards, backed by highly proficient, professional and dedicated software engineering and staff.
REA is different from other cybersecurity vendors that must answer to their venture capital investors and follow the whims of market movements. From day one, VC-backed cybersecurity firms are "aiming for exit" and that is their goal. It's common to find VC-backed firms being "pumped up" to raise valuations before exiting. "Approximately 75% of venture-backed startups fail."
REA is an "owner-backed company" that only answers to one group of people: our customers. We are not running for the "exit". REA is in business to succeed by growing the company. We make money the old-fashioned way: we earn it!
We succeed by focusing on delivering real, effective solutions. We listen to what our customers want and that's what we deliver: solutions that work for the customer. That is our top priority. Yes, we are small compared to other cybersecurity solution providers, but we will compare our commitment to customers, product quality and technical skills with anyone. We remain committed to helping customers steer clear of the CISA KEV cyber-icebergs in their path and improve their cybersecurity capabilities to defend against hacker cyber-attacks and comply with SEC cybersecurity regulations (17 CFR 229.106) and other software supply chain regulations, such as NERC CIP-010. We continue to be active participants in cybersecurity policy discussions and initiatives at CISA and the IETF Supply Chain Integrity, Transparency and Trust (SCITT) work group to ensure that our SAG-PM™ and SAG-CTR™ solutions remain fresh and ready to comply with regulations and cybersecurity best practices from NAESB, NERC, NIST, CISA and the SEC.
Looking forward to seeing friends and colleagues at BSidesCT on September 30 hosted by Quinnipiac University; I'm doing a technical, implementation talk on the U.S. Securities and Exchange Commission Cybersecurity Regulations that take effect in December 2023, with a focus on cyber-risk detection in the software supply chain, such as Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities, as part of the cybersecurity process disclosure requirements (17 CFR 229.106) and the new, four-day cyber-incident reporting requirement in Form 8-K. An enhanced version of my BSides CT slide deck is available online.