A New Linux Tool Aims to Guard Against Supply Chain Attacks

In the wake of alarming incidents like Russia’s massive 2017 NotPetya malware attack and the Kremlin’s 2020 SolarWinds cyberespionage campaign—both pulled off by poisoning wells for software distribution—organizations around the world have been scrambling to get a handle on software supply chain security. In general, and for open source software in particular, stronger defense rests in knowing what software you’re actually running, with a crucial focus on enumerating all the little pieces that make up the whole and validating that they are what they should be. That way, when you pack a box of software heirlooms and store it on a shelf, you know there isn’t a live microphone or a Tupperware full of deviled eggs sitting in the box for years. 

Creating a system to generate a manifest of what’s inside every box in every basement and garage is a massive effort, but a new tool from security firm Chainguard aims to do just that for the software “containers” that underlie almost all digital services today.

On Thursday, Chainguard launched a Linux distribution called Wolfi that is designed specifically for how digital systems are actually built today in the cloud. Most consumers don’t use Linux, the famed open source operating system, on their personal computers. (If they do, they don’t necessarily know it, as is the case with Android, which is built on a modified version of Linux.) But the open source operating system is widely used in servers and cloud infrastructure around the world, partly because it can be deployed in such flexible ways. Unlike operating systems from Microsoft and Apple, where your only choice is whatever ice cream flavor they release, the open nature of Linux allows developers to create all sorts of flavors—known as “distributions”—to suit specific cravings and needs. But the developers at Chainguard, who have all been working in open source software for years, including on other Linux distributions, felt that a key flavor was missing.

“What we’ve done is built a distribution that we feel will work well for enterprises looking to seriously address supply chain security,” says Chainguard principal engineer Ariadne Conill. “Different distributions have different pieces of software that they include—they’re curated collections of software. By starting with a Linux distribution that gets everything right from the beginning, that’s a huge advantage for software developers to get their own stuff right.”

Think of software containers like a home built out of a shipping container. Everything you need to live is in there, but you can pick up the container house and move it wherever it needs to go. If an operating system is like the appliances, electrical wiring, plumbing, and other infrastructure in the container home, that’s what Wolfi is vetting and pre-itemizing to ensure the security of everything in your container house. Wolfi is designed to work smoothly with other tools from Chainguard that help developers build out and add to the software in their container in a secure way. In other words, it’s simple to validate furniture and personal effects and add them to your container home index. That way, if your house gets broken into, it’s easier to determine what happened and how. And if you ever want to ship your house overseas, you have a detailed manifest to show customs.

“It’s the exact same thing with software as with physical goods—there can be contraband or counterfeit goods that people are trying to hide and sneak by,” says Adolfo Garcia, a software engineer at Chainguard. “For software, if you don’t have the capability to collect the information at build time, you’re going to be missing a lot about what’s in there.”
