RVO's SBIR Enters Phase 2 with 5 Selected Winners
The Netherlands Enterprise Agency (RVO) selected several companies in January for their SBIR calls. The selected partners (including Software Improvement Group, Eye Control and Riscure) took part in a feasibility study as part of the first phase of the SBIR calls: Automated Vulnerability Research (AVR) and Crypto communication. RVO has now announced that these partners are among those selected to move on to Phase 2, which will see further expansion on these projects by developing a prototype.
The themes of this SBIR competition are Automated Vulnerability Research (AVR) and Crypto communication. AVR focuses on automatically finding and repairing vulnerabilities in software, with an extra focus on vulnerabilities that have not been found and/or published before. Crypto communication is the applied form of cryptography in all forms of digital communication within different domains. Crypto communication makes it possible to send, store and process data securely. In total, 5 projects have been selected to advance to Phase 2.
Software Improvement Group (SIG) is developing an AVR-module that substantially improves the detection of vulnerabilities in source code. This module of their Sigrid platform contains hybrid AI that harnesses the expertise of experienced reviewers in combination with self-learning algorithms. Utilising this, reviewers can work more efficiently, find more vulnerabilities than fully automatic AVR-tools, and the group of reviewers can grow faster. In this Phase 2 project, SIG is developing a prototype, will be evaluating it in pilots, and will collaborate with Radboud University and TNO.
Project manager Rob van der Veer: “Thanks to previous SBIR funding, SIG has been able to put itself on the software security map. I’m excited to benefit from the SBIR support again, and this time to enable ourselves, our partners and our clients to benefit from SIG expertise at scale using AI.”
EYE and APTA are developing a service to automate sharing of the incident response process. This allows analysts to determine the required actions to contain and solve the incident faster. The technology is based on a machine learning algorithm, which analyses software models for aberrant behaviour by hosts, and can distinguish between known behaviour and behaviour not seen before. Research during Phase 1 showed that this technology is suitable for learning and reasoning. Now this service will be developed further and made ready for the market.
Riscure's project is aimed at making fuzzing usable for more people by automating the connection and analysis. Fuzzing is a newer testing method that is aimed at testing software packages for vulnerabilities. Excellent open source fuzzer test methods are available, but these are generally only used in academic circles, as configuration of a fuzzer to the software it needs to test takes a lot of time. In addition, analysis of the results requires a vast amount of knowledge.
With increasing threats to national security by persons, groups and organisations, it's also becoming increasingly likely that hardware supply chain attacks will take place, instead of just software attacks. Fox Crypto's project involves research and development into Dutch microchips that will lead to renewed security products for cryptocommunications, with potential for further development. This is becoming ever more important, as challenges in trustworthiness of the supply chain are growing. The goal of this project is to increase resilience and evaluability of a new generation of security products for Dutch microchips.
Lastly, Groepspraktijk Ed Wender B.V. is testing the applicability of large-scale Multi-Party Computation (MPC) in health care in collaboration with Roseman Labs. With health care costs on the rise, healthcare providers and government require a means to measure the effectiveness of health care. Currently it's complicated to perform a study with several health care parties, as they are hesitant to share data. This project will focus on diabetic footcare, as it is seen as an example and leader for the 106 other professional associations in health care.
For more information on the selected projects, read the full statement by RVO (in Dutch) here.