A New Linux Tool Aims to Guard Against Supply Chain Attacks

knowing what software you’re actually running, with a crucial focus on enumerating all the little pieces that make up the whole and validating that they are what they should be. That way, when you pack a box of software heirlooms and store it on a shelf, you know there isn’t a live microphone or a Tupperware full of deviled eggs sitting in the box for years.

Creating a system to generate a manifest of what’s inside every box in every basement and garage is a massive effort, but a new tool from security firm Chainguard aims to do just that for the software "containers” that underly almost all digital services today.a Linux distribution called Wolfi that is designed specifically for how digital systems are actually built today in the cloud. Most consumers don’t use Linux, the famed open source operating system, on their personal computers.

“What we’ve done is built a distribution that we feel will work well for enterprises looking to seriously address supply chain security,” says Chainguard principal engineer Ariadne Conill. “Different distributions have different pieces of software that they include—they’re curated collections of software. By starting with a Linux distribution that gets everything right from the beginning, that’s a huge advantage for software developers to get their own stuff right.

Think of software containers like a home built out of a shipping container. Everything you need to live is in there, but you can pick up the container house and move it wherever it needs to go. If an operating system is like the appliances, electrical wiring, plumbing, and other infrastructure in the container home, that’s what Wolfi is vetting and pre-itemizing to ensure the security of everything in your container house.

“It’s the exact same thing with software as with physical goods—there can be contraband or counterfeit goods that people are trying to hide and sneak by,” says Adolfo Garcia, a software engineer at Chainguard. “For software, if you don’t have the capability to collect the information at build time, you’re going to be missing a lot about what’s in there.”

United States Latest News, United States Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

Ford shuffles management, seeks new global supply chain headFord is restructuring its vehicle development and supply chain operations, shuffling multiple executives just days after announcing that it would build up to 45,000 vehicles with parts missing due to shortages.
Source: chicagotribune - 🏆 8. / 91 Read more »

Supply chain issues: Nearly 45,000 vehicles on hold due to missing parts, Ford saysThe global supply chain backup continues to hurt the auto industry.
Source: wsfa12news - 🏆 338. / 59 Read more »

Ford says tens of thousands of trucks and SUVs are waiting for partsFord is still getting battered by product shortages as supply chain issues continue to undermine the auto industry.
Source: axios - 🏆 302. / 63 Read more »

Supply chain issues: Nearly 45,000 vehicles on hold due to missing parts, Ford saysThe global supply chain backup continues to hurt the auto industry.
Source: AKNewsNow - 🏆 460. / 53 Read more »

Ford shuffles management, seeks new global supply chain head | AutoblogFord is restructuring vehicle development and supply chain, shuffling executives days after saying it would build up to 45,000 vehicles with parts missing.
Source: therealautoblog - 🏆 528. / 51 Read more »