George Mason University Department of Information Sciences and Technology Professor Kun Sun received a grant from the Commonwealth Cyber Initiative (CCI) of Northern Virginia to collaborate with CodeLock, Inc., a Virginia-based technology company specializing in software security. The grant totals $75,000 for one year and is part of CCI’s Academic Support for Cybersecurity Entrepreneurship and Next-Gen Development (ASCEND) Fund.
“The idea for this funding is to partner a startup company with university subject matter experts,” said Sun. “The focus of this grant is to build a platform that connects startups with academic experts to solve technical industry challenges.”
The project will integrate Sun’s previous research on automated security patching with CodeLock’s technology, which secures the software supply chain using dynamically generated digital signatures, to develop solutions that address vulnerabilities in source code.

CodeLock offers a cybersecurity platform designed to secure software development processes by providing real-time monitoring, compliance automation, and protection against insider threats and supply chain attacks. It creates a forensic chain of custody by linking every code change to its developer, ensuring transparency and integrity throughout the software development lifecycle.
“So for software supply chain security we install outside software applications on our smartphones and computers, for example,” said Sun. “That software may rely on other software and we have this term, SBOM, which means software bill of material. It says that we need to know what other dependent software is used and can we trust that software? If you install software, you need to verify it has not been manipulated or modified by an attacker.” Sun will apply his 10+ years of research on automatic software vulnerability detection and automated program repair.
“The vast majority of software supply chain attacks begin with compromised credentials—something traditional security tools are ill-equipped to prevent,” said CodeLock CEO Brian Gallagher. “By enforcing zero-trust authentication at the developer level and linking that identity to a tamper-proof chain of custody, CodeLock is fundamentally reshaping the threat landscape. Partnering with George Mason allows us to build on that foundation by automating vulnerability patching, which not only strengthens security but also delivers measurable cost savings for our customers. This collaboration accelerates our mission to bring transparency, accountability, and efficiency to software development across both government and commercial sectors.”
The project team will get feedback from CodeLock’s existing customers and collaborate with CCI and the Northern Virginia Technology Council to refine the solution for broader commercial adoption. Additional funding will be provided by CodeLock and supplemented through grant opportunities.