‘Defense contractor next door’ to help secure Air Force tech
WESTPORT — Marc Frankel called himself a “defense contractor next door” — a fitting title for a Westport resident whose business will soon be helping safeguard the Air Force’s software.
Frankel is the CEO and co-founder of Manifest, a company whose program, also called Manifest, reduces software supply chain risk by identifying the vulnerabilities in software that organizations build and buy. His company has received a $1.8 million contract from the Air Force Research Laboratory to make its technology more secure.
“Software is the only thing you buy that you don’t know what’s in it,” Frankel said.
About 10 years ago, Frankel and Manifest co-founder Daniel Bardenstein met while working at Palantir Technologies and spent five years as colleagues before they moved on to different cybersecurity roles.
According to Frankel, when someone buys a program for a computer, it downloads without identifying what’s actually in it, unlike a food product, where the buyer can see the ingredient list. He and Bardenstein noticed there was a need for software supply chain security after a 2021 malicious code attack on a commonly used Java program caused massive problems for the companies and individuals that used it, he said.
“It was a nightmare for cybersecurity professionals,” he said.
Frankel and Bardenstein came together to form Manifest in 2022, creating a tool to generate and use Software Bills of Materials (SBOMs), the inventory of components used to build, among other things, a software application.
Manifest manages a company or person’s Software Bill of Materials lifecycle — an ingredient list of what is in each program, according to Manifest’s website. Those who use it can respond to vulnerabilities smarter and faster when they appear, and buy more secure technology, the site says.
There are 200,000 vulnerabilities — the ways software can be compromised, abused and exploited — listed in a national database, Frankel said.
Frankel said hackers, who can be nation-state actors such as China, Russia or Iran, or non-state actors such as organized crime groups or individuals, attempt to use vulnerabilities for espionage, ransomware or to get money.
Frankel compared the Manifest program to a website that lists what recalls have come out for a car. For each piece of software, Manifest can identify if there are any known problems with it, he said.
According to a news release from U.S. Rep. Jim Himes, D-Conn., announcing Manifest’s new contract, President Joe Biden signed an executive order in 2021 to improve national cybersecurity infrastructure, establishing baseline security standards for software sold to the government.
Since that executive order, the Department of Defense and federal civilian Executive Branch agencies have required SBOMs from software vendors, so they are able to evaluate vulnerabilities and risks of cyberattacks within their software.
Frankel said the executive order allows small businesses a chance to compete with large ones for government contracts. It is a two-phase process, with the first award for three months to explore which users should receive the program, and the second to deploy it. Manifest received its award for the Air Force in February.
Of the total, $1.2 million will go directly to Manifest to deploy the program over 18 months, and $530,000 will go to research at the Fletcher School at Tufts University, where Frankel is an alumnus.
“Our hope (is) that we’ll be able to deploy our application within the Air Force and, ultimately, throughout the U.S. government” to prevent another 2021 cybersecurity disaster, he said.
Frankel said it’s a “humbling experience” for his business to be given the contract, particularly since it’s a small business primarily run out of Frankel’s basement.
He also said he is pleasantly surprised with the startup community and support it has in Westport. Manifest is a sponsor of StartUp Westport,