Spice Labs Announces Post-Quantum Cryptography Inventory Builder

Module creates accurate post-quantum cryptography security reports and tracks remediation progress

SOMERVILLE, MA, UNITED STATES, December 8, 2025 /EINPresswire.com/ -- Spice Labs today announced its post-quantum cryptography mapping tool for developers and security teams tackling the task of replacing at-risk key exchange encryption algorithms with NIST-approved libraries.

Organizations are at risk now and in the future due to the arrival of “Q-Day” – the moment when a cryptographically capable quantum computer can crack current key exchange encryption algorithms. While most experts estimate that milestone won’t arrive until the early 2030s, the time to transition is now to protect vital data from so-called “harvest now, decrypt later” attacks. Gartner supports a rapid transition, predicting that existing cryptography will be unsafe by 2029. Governments have already set deadlines for upgrading systems used by their agencies, and regulators are imposing similar deadlines for at-risk sectors such as financial services and healthcare.

David Pollak, founder of Spice Labs, said “Upgrading to post-quantum crypto compliant solutions begins by first identifying where at-risk encryption algorithms are present in applications. Spice Labs is an ideal tool for surveying a software stack, pinpointing the issue, and tracking progress towards post-crypto compliance.”

A post-quantum cryptographic remediation project starts with conducting a comprehensive cryptographic inventory across all of an organization’s fragmented, legacy, and multi-cloud systems to locate and identify vulnerable cryptographic algorithms. Because of the high stakes should any vulnerable code be overlooked, a valid inventory should be meticulously and comprehensively executed with all dependencies accurately mapped and accounted for.

The most accurate technique for surveying software is to inventory every container, JAR file, virtual machine, and codebase within an organization. Only through the mathematical generation of Merkle tree structures can an accurate representation of what is actually running be gained.

Spice Labs advisor Aeva Black, founder of Null Point Studio and CISA’s former Section Chief of OSS Security said, ”As we approach the 2030 post-quantum cryptography deadline, every company should have a plan to migrate away from traditional encryption. Using Artifact Dependency Graphs to map a complex software supply chain simplifies this planning, and Spice Labs’ ability to compare a module’s ADG over time allows organizations to easily track their progress towards PQC compliance.”

Read the white paper Performing a Post-Quantum Cryptography Inventory with Spice Labs and see an example of a Post-Quantum Cryptography Security Report at https://www.spicelabs.io/performing-a-post-quantum-cryptography-survey/

About Spice Labs:
Spice Labs maps deployment artifacts and systems with cryptographic fingerprints, anchoring them to our continuously updated 10 billion node OSS database and enrichment layers to drive confident, fact-based decisions.
With comprehensive maps of your stack, replace guesswork with hard data. This enables faster decisions, reduced risk, and measurable progress across projects.
Our technology surveys containers, virtual machines, and applications, identifying components and relationships even in legacy systems without Software Bill of Materials. This empowers users and consultancies to navigate technical debt, scope modernization projects, quantify progress, and rapidly respond to incidents, ultimately saving time, controlling costs, and strengthening trust.

David Churbuck
Spice Labs
+1 508-360-6147
email us here
Visit us on social media:
LinkedIn

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.