Confidential SBOMs.
Address regulatory and contractual obligations without publishing your internal software details, while still letting customers react quickly to new threats.
What We Build
Software Bills of Materials (SBOMs) between companies face slow adoption, as suppliers are hesitant to share their dependency details due to concerns over liability, IP, and business models.
We allow suppliers to provide an encrypted SBOM to their customers. Only in high-risk scenarios can customers run a single, auditable query—e.g., does it contain component-xyz v2.1–3.4? Hardware-backed trust anchors ensure that every query is auditable and tied to a known vulnerability, making exhaustive enumeration impractical.
SBOMs can also be made verifiable using our Attestable Builds solution, giving strong provenance guarantees. Optionally, the system can output a high-level trust score to support comparative risk analysis without revealing sensitive dependency data.
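To make the flow above concrete, here is a toy model of it in Python. This is an added illustration written for this page, not Light Squares' code: the TEE and hardware trust anchor are stood in for by a plain object that never exposes its SBOM list, and the policy rules it enforces (a query must cite a vulnerability identifier, each requester gets one answer per vulnerability, every answer lands in a hash-chained audit log) are assumptions chosen to show why a single auditable yes/no query does not leak the inventory. The component names, versions and the advisory id are constructed placeholders.

```python
"""Toy model of the confidential-SBOM query flow described above.

Added illustration, not Light Squares' code: the TEE and hardware trust anchor
are stood in for by an object that simply never exposes the SBOM list, and the
policy rules (query must cite a vulnerability id, one query per vulnerability
per requester, hash-chained audit log) are assumptions chosen to show the idea.
"""
from __future__ import annotations

import hashlib
import json
import re
from dataclasses import asdict, dataclass
from typing import List, Tuple

# Accept CVE or GHSA style identifiers as the "known vulnerability" a query must cite.
VULN_ID = re.compile(r"^(CVE-\d{4}-\d{4,}|GHSA(-[a-z0-9]{4}){3})$")


class PolicyError(Exception):
    """Query refused by the enclave's policy (no vulnerability cited, or repeat query)."""


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'v2.7.1' into (2, 7, 1); only dotted numeric versions are handled."""
    return tuple(int(p) for p in v.strip().lstrip("v").split("."))


def in_range(version: str, lo: str, hi: str) -> bool:
    """Inclusive range check; shorter versions are zero-padded so '2.1' == '2.1.0'."""
    parts = [parse_version(x) for x in (version, lo, hi)]
    width = max(len(p) for p in parts)
    ver, low, high = [p + (0,) * (width - len(p)) for p in parts]
    return low <= ver <= high


def commit_sbom(components: List[Tuple[str, str]]) -> str:
    """Public commitment: SHA-256 over a canonical (sorted, compact JSON) serialisation."""
    canonical = json.dumps(sorted(components), separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass(frozen=True)
class AuditRecord:
    requester: str
    vuln_id: str
    component: str
    lo: str
    hi: str
    result: bool
    prev_hash: str

    def digest(self) -> str:
        return hashlib.sha256(json.dumps(asdict(self), sort_keys=True).encode()).hexdigest()


class ConfidentialSbom:
    """Stand-in for the enclave: holds the SBOM privately, answers only yes/no."""

    def __init__(self, components: List[Tuple[str, str]]):
        self._components = list(components)              # never returned to callers
        self.commitment = commit_sbom(self._components)  # the only public output
        self.audit_log: List[AuditRecord] = []
        self._answered = set()

    def query(self, requester: str, vuln_id: str, component: str, lo: str, hi: str) -> bool:
        if not VULN_ID.match(vuln_id):
            raise PolicyError("query must cite a known vulnerability identifier")
        key = (requester, vuln_id)
        if key in self._answered:
            # One answer per vulnerability per requester: blocks re-asking the
            # same advisory with shifting ranges to enumerate the inventory.
            raise PolicyError("this vulnerability has already been queried")
        self._answered.add(key)
        hit = any(name == component and in_range(ver, lo, hi)
                  for name, ver in self._components)
        prev = self.audit_log[-1].digest() if self.audit_log else "0" * 64
        self.audit_log.append(AuditRecord(requester, vuln_id, component, lo, hi, hit, prev))
        return hit


def verify_audit_chain(log: List[AuditRecord]) -> bool:
    """Auditor-side check that no record was dropped or reordered."""
    prev = "0" * 64
    for rec in log:
        if rec.prev_hash != prev:
            return False
        prev = rec.digest()
    return True


# Constructed sample SBOM and a placeholder advisory id (not a real CVE).
SAMPLE_SBOM = [("component-xyz", "2.7.1"), ("libfoo", "1.0.0"), ("component-xyz", "4.0.0")]
PLACEHOLDER_CVE = "CVE-0000-0000"


if __name__ == "__main__":
    svc = ConfidentialSbom(SAMPLE_SBOM)
    print("commitment:", svc.commitment)
    print("affected:", svc.query("customer-a", PLACEHOLDER_CVE, "component-xyz", "2.1", "3.4"))
    print("audit chain ok:", verify_audit_chain(svc.audit_log))
```

The commitment is what a supplier publishes up front; when the SBOM is later disclosed (to a regulator, or after an incident) anyone can recompute `commit_sbom` and confirm nothing was swapped. The audit chain is the part a real deployment would anchor to the hardware trust anchor so the supplier can review exactly which advisories its customers checked.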
- Private by Default
- SBOMs are committed but their contents remain private—protected by TEEs.
- Auditable Queries
- Only auditable queries are permitted in high-risk events, and only to identify vulnerable components.
- React Fast to Threats
- Simplify the notification chain by letting customers quickly check their own inventory.
- CRA Ready
- The EU Cyber Resilience Act (CRA) is becoming critical for anyone selling to EU customers.
What This Means For Your Team
Software Supplier
- Keep your software dependencies private. No need to expose internal architecture, IP, or business-sensitive details.
- Offer customers extra trust and transparency without giving up control over what they see.
Software Consumer
- React to new vulnerabilities without waiting for supplier involvement.
- Improve inventory insights and identify affected components across your stack.
Ready to Get Started?
Book a call with our founders or join our early access program to see how Light Squares can help secure your infrastructure.