Software supply chain security gets its first Linux distro, Wolfi
Despite all the security vendors' best efforts to whitewash their products around software supply chain security, it's still unclear exactly how anyone is supposed to build or maintain these SBOMs. Recent memos out to the heads of federal agencies merely underscore the "Importance of secure software development environments" without much useful elaboration on how to get there.
A new stack is forming, and I believe we are about to see theoretical conversations about software supply chain security leapfrog into actual implementations and refinement of best practices.
Second, SLSA - pronounced "Salsa" - and the Secure Software Development Framework are similarly experiencing massive adoption as frameworks that explicitly guide the process of locking down software supply chain security.
In their recent report, Securing the Software Supply Chain guide for developers, U.S. national security heavyweights NSA, CISA and ODNI referenced SLSA and SSDF 14 and 38 times respectively.
Today they launched the first Linux distribution purpose-built for software supply chain security: Wolfi.
With Wolfi, they have created a community Linux undistribution built with default security measures for the software supply chain - it ships today with base images for stand-alone binaries, applications like nginx and development tooling like Go and C compilers.
News URL
https://www.techrepublic.com/article/software-supply-chain-security-first-linux-distro-wolfi/