
Know. Analyze. Act.
Software Supply Chain Security for Cybersecurity Incident Response Teams
Our Story
Spice Labs was founded in June 2024 to develop the system of record for cloud and data center deployments of any scale, so that cybersecurity engineers and incident responders can quickly know what code is running and what has been deployed across an organization’s estate.
Our Vision
Spice Labs equips Cybersecurity Engineers and Incident Responders with a clear view of what’s running and what has previously been deployed across an organization’s cloud and data center. The information enables Engineers to visualize and manage daily changes in cluster vulnerabilities, including new CVEs for previously deployed and still-running software, progress tracking for golden masters and post-quantum crypto libraries, and much more. Incident Responders can quickly and accurately close or escalate incidents with the knowledge of what was running on a system at the time of an incident. For major incidents like log4shell, Spice Labs automates the task of identifying where the vulnerable package is running and provides automatic burn-down charts of remediation, allowing teams to focus on remediation and not research.
Technology
Spice Labs’ technology is based upon a cutting-edge approach endorsed by the federal Cybersecurity and Infrastructure Security Agency (CISA) – artifact dependency graphs – and follows the leading specification in the ADG space, OmniBOR. OmniBOR was created in 2021 by a group of security engineers from Cisco and Microsoft with the goal of developing a standard schema for generating unique and unambiguous identifiers for software artifacts and their dependencies.
How it Works

Artifact Dependency Graph Technology
Spice Labs has mapped 25 million open-source software artifacts resulting in a graph of more than 2 billion nodes – currently Java, Ubuntu, and Debian – and computed a unique cryptographic hash identifier following the OmniBOR schema for generating a software “bill of receipts.”

Cybersecurity engineers can deploy Spice Labs’ tools to map their organization’s software assets by generating an artifact dependency graph (ADG). The ADG combined with deploy events describing where and when a software asset was deployed allows Cybersecurity professionals to have a “General Ledger” or system of record for what was run where and when.
Spice Labs is the first security product leveraging the CISA-endorsed ADG solution. We are the cryptographic system of record of what you have in your environment and its provenance – both at present and anytime in the past.
The Spice Labs Difference
- Cryptographic composition & provenance
- Provable & irrefutable
- Identify what your current security tools miss
- Time travel: know what was running at any point in the past

Meet the Team
We bring together our unique industry backgrounds, experience in building and scaling tech startups, and our mutual passion for helping companies secure their digital fences, defend against ransomware, prevent data breaches, and maintain business continuity.

David "DPP" Pollak
Co-founder, CEO
Jennifer Kenyon
Co-founder, COO

Aria Stewart
Engineer

Brendan McAdams
Forever in our hearts ♡

Dani Pletter
Product Manager

David Churbuck
Public Relations

James Douglas
Engineer

Jim Langevin
Advisor

JT Perry
Advisor

Manjula-Jayne Kumar
Engineer

Pavan Pant
GTM
