
Software supply chain security gets its first Linux distro, Wolfi
2022-09-22 13:00

Despite all the security vendors' best efforts to whitewash their products around software supply chain security, it is still unclear exactly how anyone is supposed to build or maintain software bills of materials (SBOMs). Recent memos to the heads of federal agencies merely underscore the "Importance of secure software development environments" without much useful elaboration on how to get there.

A new stack is forming, and I believe we are about to see theoretical conversations about software supply chain security leapfrog into actual implementations and refinement of best practices.

Second, SLSA (pronounced "Salsa") and the Secure Software Development Framework (SSDF) are similarly seeing massive adoption as frameworks that explicitly guide the process of locking down software supply chain security.

In their recent report, "Securing the Software Supply Chain: Recommended Practices Guide for Developers", the U.S. national security heavyweights NSA, CISA and ODNI referenced SLSA and SSDF 14 and 38 times respectively.

Today they launched the first Linux distribution purpose-built for software supply chain security: Wolfi.

With Wolfi, they have created a community Linux "undistribution" built with default security measures for the software supply chain. It ships today with base images for stand-alone binaries, for applications such as nginx, and for development tooling such as the Go and C compilers.

News URL

https://www.techrepublic.com/article/software-supply-chain-security-first-linux-distro-wolfi/

Related vendor

VENDOR | PRODUCTS (LAST 12M) | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Linux  | 11                  | 64  | 2532   | 1569 | 67       | 4232