
IBM and SCANOSS Join Forces to Advance Cryptographic Intelligence

  • Writer: Giuliana Bruni
  • Nov 19

IBM and SCANOSS are proud to announce a strategic collaboration to strengthen cryptographic detection and enable post-quantum readiness across the software supply chain. This collaboration marks a significant step forward in enhancing cryptographic intelligence across the software ecosystem. By improving the ability to detect, understand, and manage encryption in source code, we aim to support the open source community and software industry in meeting regulatory demands and preparing for the quantum future.


With global regulatory frameworks such as the EU Cyber Resilience Act (CRA), DORA, and Executive Order 14028 placing increased pressure on organisations to secure their software, the need for accurate and standardised cryptographic visibility is more urgent than ever. At the heart of this visibility lies the Cryptography Bill of Materials (CBOM), a structured inventory of encryption methods present in software. Generating a CBOM is a critical first step in planning for a post-quantum world.


SCANOSS currently identifies cryptography in source code by scanning code repositories and components for specific keywords and patterns associated with encryption algorithms. This method provides fast and foundational insights.


Our teams are actively working to combine SCANOSS’s scalable detection capabilities with IBM’s enterprise-grade cryptographic expertise. By sharing our knowledge and experience in servicing global development and security teams, we aim to address one of the most pressing challenges in modern software: detecting and understanding encryption in source code. By combining SCANOSS’s agility with IBM’s high-confidence cryptographic analysis, we aim to deliver a new standard in open source cryptographic intelligence to enhance software security and support organisations as they assess cryptographic risk and prepare for the post-quantum era.


“Partnering with IBM significantly accelerates our cryptographic intelligence roadmap,” said Alan Facey. “As these capabilities grow, organisations will be able not only to identify what cryptography is being used but also understand how it is implemented, evaluate its security, and determine necessary actions to achieve compliance and prepare for the post-quantum era.”

This transition to comprehensive intelligence equips organisations to manage risk, address regulatory demands, and confidently future-proof their systems in the face of the emerging quantum era.


Both SCANOSS and IBM are dedicated to promoting a standardised way to detect and inventory encryption in source code, and we look forward to sharing more about this collaboration as our joint efforts evolve.


For a broader view of how the Linux Foundation PQCA community is driving this change, we recommend reading “Advancing Cryptographic Transparency: Upcoming Linux Foundation PQCA CBOM Workshop at PKIC 2025”.


And for insights from our time in Kuala Lumpur, see our full recap: “Post-Quantum Cryptography Conference 2025: Kuala Lumpur”.


This collaboration with IBM represents the next step in a shared journey towards a more transparent and cryptographically intelligent software ecosystem. More details on our technical progress will be shared soon.