WASHINGTON, Aug. 25, 2020 /PRNewswire/ -- Ion Channel, a software supply chain assurance platform developed to secure critical infrastructure, has been awarded a Phase 2 Small Business Innovative Research (SBIR) contract to accelerate software logistics and supply chain monitoring for code deployed on military networks. Ion Channel's software supply chain logistics platform enables full chain of custody and auditable transfer of software components, applications and containers, from point of origin to cloud VPCs and air-gapped networks, and automates continuous monitoring of risks in previously delivered software.
As a high-scale platform built to continuously monitor tens of thousands of third-party software components and applications coming into enterprises, Ion Channel analyzes, monitors and securely delivers open source software components, contractor deliverables and vendor software updates from their points of origin to customer environments, which may be separated from the Internet by one-way data guards. Pre-defined customer rules for security and cyber hygiene are enforced before software is allowed in, and the transfer of all software is fully auditable: what came in, when, how, and in what known state. As risks and vulnerabilities emerge against a software deliverable's bill of materials or supplier risk indicators, live-state assurance data is automatically transferred to alert security and mission owners that previously approved capabilities are out of compliance.
"Continuity of mission operations and assurance is a particularly difficult problem on networks that are not connected to the Internet and an even bigger challenge with containerized software, which is designed to be portable," says Nicolas Chaillan, the Air Force's Chief Software Officer. "Ion Channel's combination of software logistics and continuous assurance gives the Air Force end-to-end transparency into the supply chain and an out-of-band monitoring capability to keep software assured when it's not being actively built or updated."
Because even agile development teams don't build and deliver their software every day forever, Ion Channel's out-of-band monitoring fills the gap in SecDevOps pipelines that only analyze software when it's being actively developed. This maintains continuity of assurance as new projects become legacy and their development cadence drops, which is when vulnerabilities start to stack up.
"Software ages like milk, not like fine wine," says Ion Channel COO JC Herz. "Part of the shift from once-and-done approvals to continuous authorization is a commitment to keeping these capabilities green. This is particularly important for customers who maintain large software portfolios, or distributors who make applications available for download and installation on systems and devices they don't control."