
Pyrsia open source initiative fuels confidence in software supply chain



Open source is everywhere, a critical part of almost every technology in use today.

This also makes it one of the biggest attack surfaces. Attackers are increasingly probing the software supply chain for weaknesses such as unpatched critical vulnerabilities, misconfigured services and leaked secrets.

“The myriad of tools and processes, not to mention the vast amounts of open source libraries and binaries, all present opportunities for accidental and nefarious injection of risk,” said Stephen Chin, VP of Developer Relations at the software supply chain security firm JFrog.

The open-source software initiative Pyrsia was launched in May 2022 to address this ubiquitous problem. It uses blockchain technology to give software packages a tamper-evident provenance record, so that packages carrying vulnerabilities or malicious code can be detected rather than silently trusted.


To advance its mission and promote wider adoption, Pyrsia is now an incubation project under the Continuous Delivery Foundation (CDF). JFrog, which launched Pyrsia with other industry leaders, made the announcement today at KubeCon.

“Pyrsia aims to provide a tool to establish and verify trust in the software delivery world,” said Chin, who is also a board member of the CDF.

He added that “we believe that open source security will only be successful if we provide the community with the same tools and services that are available to enterprises.”

Open source: useful, but easy to abuse

Recent research by Synopsys shows that open source libraries and components make up more than 75% of the code in the average software application. In addition, the average software application relies on more than 500 components.

As Chin noted, these open-source dependencies are useful, but they also present new vulnerabilities that threat actors can exploit.

Cybercrime cost the global economy $6 trillion in 2021, and this figure is expected to rise to $10.5 trillion by 2025. Gartner research reveals that 89% of companies have experienced a supplier risk event in the past five years, and a survey by Argon Security indicates that attacks on the software supply chain grew by more than 300% between 2020 and 2021.

“Open source is everywhere,” Chin says, “and while it has always been seen as a seed for innovation and modernization, the recent rise of attacks on the software supply chain has left every organization vulnerable.”

He identified three security threats to the software supply chain: unintended vulnerabilities, intentional vulnerabilities and malicious software packages. Unlike a vulnerability, which an attacker still has to find and exploit, a malicious package contains code that performs unwanted actions as soon as it is executed.

Verify trust

Chin described Pyrsia as an open source, decentralized, secure network and software package repository that provides developers with a digitally signed, immutable chain of proof for their code.

Using certified and peer-verified builds, it aims to build trust for open source packages used as dependencies in software development. It provides a decentralized package network that understands package coordinates, semantics and discoverability.

Pyrsia integrates with existing package management systems so developers can certify their software components without compromising compatibility, security or efficiency, Chin said. It also continues to work even if there are local outages.

“We learned recently as an industry that no one is safe from cybercrime, especially when malicious actors inject malicious packages into central repositories, causing damage to downstream systems and applications,” said Fatih Degirmenci, executive director of the CDF. Pyrsia “puts power back in the hands of developers and ultimately accelerates innovation.”

Blockchain: an immutable ledger

Confirming dependencies requires a reliable and verifiable log that is written once, read many times, and contains entries that are immutable, Chin explained. Trust also requires a database that is tamper-resistant and guarantees that malicious additions can be discovered and resolved.

Blockchain technology has proven to be one such immutable database, as Chin explained, adding that a blockchain implementation requires a consensus mechanism based on Byzantine fault tolerance (BFT): the ability of a system to continue operating even if some nodes fail or act maliciously.

This protects against a takeover of the network, according to Chin, because each block of data is only committed once the nodes reach consensus on it. BFT algorithms can withstand coordinated attacks across the network as long as fewer than one third of the nodes are faulty or malicious (n ≥ 3f + 1 nodes for f faulty ones).

Blockchain provides a scalable provenance log and is well suited to large amounts of chained data spread across wide networks (as evidenced by its success in the cryptocurrency world).
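The two properties this section describes, an append-only log whose entries commit to their predecessors and a BFT-style acceptance rule for peer-verified builds (see also "certified and peer-verified builds" above), are easier to see in code. The following is an added example written for this article; it is not Pyrsia's implementation or API. It uses a plain SHA-256 hash chain rather than a full blockchain (no networking or consensus protocol is implemented, and entries are not signed), and the names ProvenanceLog, bft_quorum and accepted_digest, the node names and the artifact digests are all constructed for illustration.

```python
"""Added example (not Pyrsia's code): a hash-chained, append-only provenance
log with tamper detection, plus a BFT quorum rule for peer-verified builds.
All node names, artifact names and digests below are constructed sample data."""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64  # assumed sentinel for the "previous hash" of entry 0


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(obj) -> bytes:
    # Deterministic serialization so every verifier hashes identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class Entry:
    index: int
    prev_hash: str
    payload: dict  # e.g. {"artifact": "...", "digest": "...", "builder": "..."}
    entry_hash: str = ""

    def compute_hash(self) -> str:
        body = {"index": self.index, "prev_hash": self.prev_hash, "payload": self.payload}
        return _sha256_hex(_canonical(body))


class ProvenanceLog:
    """Write-once, read-many log: each entry commits to the hash of its predecessor."""

    def __init__(self) -> None:
        self.entries: List[Entry] = []

    def append(self, payload: dict) -> Entry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS_HASH
        entry = Entry(index=len(self.entries), prev_hash=prev, payload=payload)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, int]:
        """Recompute the whole chain. Returns (ok, index of first bad entry or -1).
        Editing any entry breaks either its own hash or the link from its successor,
        so tampering anywhere in the history is detected."""
        prev = GENESIS_HASH
        for entry in self.entries:
            if entry.prev_hash != prev or entry.compute_hash() != entry.entry_hash:
                return False, entry.index
            prev = entry.entry_hash
        return True, -1


def bft_quorum(n_nodes: int) -> int:
    """Agreeing votes needed so that the faulty minority cannot decide alone.
    With f < n/3 Byzantine nodes (n >= 3f + 1), a quorum of 2f + 1 votes always
    contains at least f + 1 honest votes, so honest nodes cannot be outvoted."""
    f = (n_nodes - 1) // 3  # largest number of faulty nodes the network tolerates
    return 2 * f + 1


def accepted_digest(attestations: Dict[str, str], n_nodes: int) -> Optional[str]:
    """Peer-verified build: accept an artifact digest only if a BFT quorum of
    independent builder nodes reported the same digest. attestations maps
    node name -> digest that node observed when rebuilding the artifact."""
    counts: Dict[str, int] = {}
    for digest in attestations.values():
        counts[digest] = counts.get(digest, 0) + 1
    for digest, votes in counts.items():
        if votes >= bft_quorum(n_nodes):
            return digest
    return None


if __name__ == "__main__":
    log = ProvenanceLog()
    for name in ("liba-1.0", "libb-2.3", "libc-0.9"):  # constructed artifacts
        log.append({"artifact": name, "digest": _sha256_hex(name.encode())})
    print("clean chain:", log.verify())
    # An attacker rewrites entry 1 and even recomputes its own hash...
    log.entries[1].payload["digest"] = "deadbeef"
    log.entries[1].entry_hash = log.entries[1].compute_hash()
    # ...but entry 2 still points at the old hash, so verification fails there.
    print("tampered chain:", log.verify())
    votes = {"node1": "abc", "node2": "abc", "node3": "abc", "node4": "evil"}
    print("accepted digest with 4 nodes:", accepted_digest(votes, 4))
```

The second tamper case is the important one: rewriting an entry together with its stored hash is not enough, because the next entry's prev_hash no longer matches, so the verifier still flags the history at the first broken link. In a real network the per-entry hashes would additionally be signed by the builder so that an attacker cannot rewrite the whole suffix of the chain.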

The technology can improve the state of the software supply chain by providing transparency into how open source software is built on the network, as Chin explained.

“This transparency is intended to give developers the confidence to use the open source library in their production environments,” he said.

JFrog and other open-source technology leaders — Docker, DeployHub, Futurewei, and Oracle — teamed up earlier this year to officially launch Pyrsia. Since then, they’ve helped create opportunities for cross-project collaboration within the CDF to link secure packages with community tools, Chin explains.

By working together now, JFrog and the CDF will ensure Pyrsia increases its support and engagement through the use of a centralized governance model, a defined roadmap and broad representation within the wider technology and open source communities, explains Chin.

“We are grateful for the support of our industry partners and the community for helping to secure open source so that it can continue to be a true source of innovation,” he said.


Shreya Christina, http://ukbusinessupdates.com
