Instant Connect

CodeSentry generates Software Bills of Materials (SBOMs) for Instant Connect’s next-gen push-to-talk (PTT) software platform to meet the requirements of their DoD customers.

“Information assurance is critical to our customers in order to get approval to operate and use our applications on their secure networks. SBOMs are a requirement for any application that’s going to run in their environments. This ensures they know all the software components in the applications they have, and whether any are, or potentially could be, vulnerable.” Wes Wells, Product Manager, Instant Connect

Front-line military units and first responders rely on secure and reliable communications to achieve their objectives, whether it be executing field operations or protecting lives. And the responsibility in assuring the software powering their mission-critical products meet these requirements falls upon both the producers of the software, as well as the consumers. In this case, Instant Connect implemented GrammaTech’s CodeSentry to generate a Software Bill of Materials (SBOM) at the bequest of their customer, the U.S. Department of Defense (DoD), who uses products with Instant Connect software embedded in their communications systems. This SBOM provides details about any open-source software and third-party libraries, ask well as any corresponding risks associated with these components.

“One of our DoD customers did a scan using the GrammaTech CodeSentry product and came back to us with a couple of findings that they wanted us to address. So, I reached out to GrammaTech to get their assistance on what those vulnerability findings were, and what they felt was the best mitigation and a path forward based upon their scan report,” stated Wes Wells, Product Manager at Instant Connect.

Subsequently, Instant Connect implemented GrammaTech CodeSentry, a binary software composition analysis (SCA) technology, to generate their internal SBOM without reliance on source code. Instant Connect creates a SBOM during each software build cycle as well as delivers a final artifact document with each release for customers to use in their own software assurance and asset management programs, and possibly any incident response activities.

Instant Connect customers such as the Department of Defense (DoD) had begun scanning third-party applications as part of their Information Assurance programs to get authority to operate and use these applications on their secure networks. While they had not previously provided their customers with documentation in the form of a Software Bill of Materials (SBOM), the DoD requested Instant Connect provide a list of the open-source software and third-party libraries used in their software and referred them to GrammaTech. In the case of Instant Connect’s applications, the DoD required them to provide an inventory of any open-source libraries that were being used in their applications, as well as potential vulnerabilities, to aid in their product software verification and acceptance process, and risk assessment programs.

With the DoD requiring their vendors to provide an SBOM with their software, Instant Connect deployed GrammaTech CodeSentry and has gained greater visibility into the components of the software they deliver, and perhaps more importantly, have greater confidence in the quality of their software before it goes the customer.

“GrammaTech gives us an advantage because now we know of any vulnerabilities upfront before we ever release our software to our customers, and customers can be assured that we’ve done our due diligence upfront to make sure that we’ve found and mitigated any vulnerabilities before our software goes out the door,” said Wes Wells, Product Manager at Instant Connect.

Instant Connect is the global leader in Dynamic Frontline CommunicationsTM and has elevated the security of frontline push-to-talk voice communications in high-risk environments across the military, government, and commerce by partnering with GrammaTech, a leading provider of application security testing products and software research services.

Listen to the TechStrong.tv interview with Instant Connect and GrammaTech. Read our Press Release: Instant Connect and GrammaTech – Optimizing the security of next-gen voice communications for military, government, and Commerce.