Global consulting firm Deloitte has many tools to offer organizations needing help with their application development.
The latest is BlackBerry’s Jarvis software composition analysis tool, which does open-source software (OSS), Common Vulnerabilities and Exposures (CVE), and software bill of materials (SBOM) analysis.
Deloitte announced the deal with Waterloo, Ont.-based BlackBerry this week, which it said will help firms building mission-critical applications secure their software supply chains.
Separately, Visteon Corp. announced an expansion of its collaborative work with BlackBerry to accelerate the deployment of digital cockpit solutions for automakers and suppliers
As part of the multi-year agreement, Visteon will use BlackBerry’s QNX software and services to build next-generation digital consolidated cockpits, including digital instrument clusters for multiple auto manufacturers.
Securing the software supply chain has become increasingly important since the revelation of the SolarWinds Orion update mechanism hack and the discoveries of the insertion of malware into open-source software.
Related Content: Only platforms can stop supply chain attacks
BlackBerry says Jarvis allows software auditors to inspect the provenance of their code and every software asset that comes into their overall supply chains to ensure their products are both secure and updated with the most recent security patches.
“Deloitte is very excited to partner with BlackBerry,” Stephen Meagher, Deloitte’s director of IOT for risk advisory, said in a statement. “Our already productive relationship will focus on key mobility and other market opportunities. We’re confident that BlackBerry’s deep security heritage and expertise, complimented by Deloitte’s world-leading risk advisory teams, will create a compelling value proposition for new and existing clients.”
Adam Boulton, chief technology officer of BlackBerry Technology Solutions, said the partnership will help original equipment makers and those responsible for critical infrastructure better understand their embedded systems security challenges. “Just as a health-conscious grocery shopper can benefit from scrutinizing nutrition labels on food packages, an embedded software developer can gain a whole host of insights by leveraging tools and expertise that enable them to detect issues in their supply chain that may have real implications for intellectual property disputes, security risks and overall quality.”
BlackBerry’s strategic agreement with Visteon is the latest collaboration between the two companies. In 2017 Visteon selected the QNX Platform for Instrument Clusters 1.0 software for a digital instrument cluster project for a major Chinese vehicle supplier.
“As an automotive electronics technology leader, Visteon’s hardware and software solutions support the industry trends of intelligent digital cockpits and the connected car,” Bob Vallance, Visteon senior vice president for customer business groups and marketing, said in a statement. “Our collaboration with BlackBerry QNX reflects our shared passion for innovation that helps our automotive customers stay ahead of the curve with future-proof cybersecurity solutions.”
For example, he said, Visteon’s SmartCore domain controllers help automakers accelerate the digital transformation of their cockpits with digital instrument clusters, Android-based infotainment, secure over-the-air updates and connected applications to create a premium in-vehicle experience.
John Wall, senior vice president and co-head of BlackBerry Technology Solutions, said that if software is now the driving force of the automotive industry, delivering compelling digital experiences to users has quickly become the new battleground where OEMs can differentiate themselves from one another. With partners like Visteon “together we can help manufacturers stay on the cutting edge of an industry that’s undergoing a profound transformation.”