Software Supply Chain Risk Assessment Patent Issued to Reliable Energy Analytics (REA)

WESTFIELD, MA / ACCESSWIRE / June 28, 2022 / Today, REA is pleased to announce that it has been granted patent number 11,374,961 for its Software Assurance Guardian (SAG™) METHODS FOR VERIFYING THE AUTHENTICITY AND INTEGRITY OF SOFTWARE OBJECTS for software products and the software supply chain (C-SCRM). REA was motivated to develop this patented technology, which assesses risk and trust in a software supply chain, beginning in November 2018, after the Federal Energy Regulatory Commission (FERC) issued Order 850, “Supply Chain Risk Management Reliability Standards” [18CFR40], to protect the bulk power grid from software supply chain risks. Recent reports of software supply chain attacks, such as those suffered by SolarWinds and Log4j, have raised awareness among software consumers of the need to conduct risk assessments on software products before purchasing and before installing a product. These patented processes and technologies have been implemented in REA’s SAG-PM™ C-SCRM risk assessment application to help small and medium enterprises gain this software risk visibility.

The SAG patent outlines seven steps containing detailed technical practices and processes designed to help a software consumer determine the reliability of a software object and its entire supply chain. The result is expressed as a statistically calculated SAGScore™, which supports a risk-based decision before purchasing and installing a software product, in order to proactively detect and prevent a cyberattack. Evidence that cybersecurity controls are implemented and effective is collected in thirteen separate files for audit purposes. These patented SAG™ methods have been implemented in REA’s flagship software risk assessment product, Software Assurance Guardian Point Man™ (SAG-PM™), which was first announced in April 2021 and is now at version 1.1.8. Now, software consumers can reliably and consistently assess the reliability of a software product and its entire supply chain using patented methods that apply best practices in each of the seven stages of SAG risk rating, which results in a SAGScore™ for reliability.

REA also manages and monitors the Software Assurance Guardian Community Trust Registry™ (SAG-CTR™) and SAG-STAR™ certification program. REA customers can declare their confidence in a software product, and its supply chain, by submitting a declaration of confidence to REA for entry into the SAG-CTR™ informing other members of the SAG™ community of their confidence in a software product. Members of the SAG™ community query the SAG-CTR™ for statements of confidence, used as part of a SAG-PM™ risk assessment and calculation of a final SAGScore™. ISVs with software products that achieve broad community support through an accumulation of customer confidence statements in SAG-CTR™ are eligible to display the SAG-STAR™ image on their marketing materials.

SAG-PM™ was created to provide affordable and effective software supply chain cybersecurity protections to small and medium enterprise (SMB) operators of critical infrastructure whose staff may lack cybersecurity skills. SAG-PM™ implements best practices in accordance with the Cybersecurity Supply Chain Risk Management (C-SCRM) guidelines provided by the National Institute of Standards and Technology (NIST) in SP 800-161r1. SAG-PM™ has evolved to meet the requirements of NERC CIP and the Cybersecurity Executive Order issued May 12, 2021 (#14028), in accordance with the NIST implementation guidelines for Software Bill of Materials (SBOM) and Vulnerability Disclosure Reporting (VDR) published on 5/5/2022, required to comply with the Executive Order (ref: NIST RECOMMENDATIONS). A VDR is an attestation by a software vendor that it has checked each component of a software product listed in an SBOM for vulnerabilities, and it reports the vulnerability status of each component of that product. A VDR is dynamically updated and maintained by the software vendor to answer the consumer’s question at all times: “What is the vulnerability status of a software product, NOW?”

Joanne Brooks, Co-Founder and COO of REA, said, “REA is a small, highly skilled software engineering company that aims to achieve broad market adoption of SAG-PM™ and the patented SAG™ methods by small and medium-sized businesses. We are actively in talks with better-resourced organizations who want to take the SAG patent and the SAG-PM software product to the next level.”

Dick Brooks, co-founder and CTO of REA, said, “The SAG-PM™ product was designed as an all-in-one supply chain risk assessment software solution for small and medium-sized businesses, using a modular architecture. This enables REA’s software engineers to design, develop and apply the best technical solutions in each of the seven stages of the patented process and SAGScore™ calculation, to ensure that our customers have the best and latest protections available to guard against the risks of the ever-changing software supply chain and against any new tactics, techniques and procedures (TTPs) introduced by the hacker community.”

Parties interested in learning more about REA and the patented SAG methods and SAG-PM software are encouraged to contact REA via its contact form at us

Never trust software, always verify and report!™


Dick Brooks
Reliable Energy Analytics LLC
+1 978-696-1788

SOURCE: Reliable Energy Analytics LLC
