
CONFERENCE REPORT

Red Hat Summit Targets Fixing Open-Source Code Flaws


As a testament to the expanded use of open-source technology across all industries, 75% of application code bases use open-source code. This adoption is particularly prolific in the software supply chain, where attacks have soared 742% since 2020.

A significant portion of the focus at the Red Hat Software Summit, held this week in Boston, is on three core products designed to meet the growing demand for better software security and the government regulations requiring enhanced application security across all industries.

Security & AI Initiatives

The company’s major announcements involve its OpenShift AI platform, Red Hat Service Interconnect, and its Trusted Software Supply Chain.

OpenShift AI underpins the generative AI services of Watsonx.ai, IBM’s artificial intelligence platform designed to scale intelligent applications and services across all aspects of the enterprise, fueling the next generation of foundation models.

Training large language models (LLMs) like GPT-4 and LLaMA demands intensive infrastructure, which in turn requires specialized platforms and tools. OpenShift AI addresses these challenges by providing infrastructure consistency across training, deployment, and inference to unlock the potential of AI.

Service Interconnect simplifies application connectivity and security across platforms, clusters, and clouds. Based on the Skupper open-source project, it enables developers to create trusted connections more seamlessly between services, applications, and workloads across environments without requiring complex network reconfigurations or elevated security privileges.

Trusted Software Supply Chain enhances resilience to software supply chain vulnerabilities. It works with two new cloud services, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, to advance the successful adoption of DevSecOps practices and embed security into every stage of the software development lifecycle.

IT organizations can no longer focus solely on creating production applications. According to Sarwar Raza, vice president and general manager for Cloud Services at Red Hat, they also need to enhance the security of the components that make up the final product.

“Verifying the provenance of open-source components, along with continually scanning both the code moving through delivery pipelines and the delivery pipelines themselves, along with enforcing robust development and delivery practices, can be a significant challenge for CIOs,” he offered.

Building in Guardrails for Artificial Intelligence

OpenShift AI will help remove many of these barriers to using AI with a standardized foundation for creating production AI/ML models and running the resulting applications. It will deliver the consistency, ease of use, and cloud-to-edge deployment options of Red Hat OpenShift.

The existing AI platform by Red Hat provides several optional technology partner offerings, including Anaconda, IBM Watson Studio, Intel OpenVINO and AI Analytics Toolkit, Pachyderm, and Starburst. It also includes access to 30 additional AI/ML-certified partners as part of the OpenShift ecosystem.

“Foundation models provide real, tangible benefits to enterprises when it comes to harnessing the benefits of AI, but they still require investment in training and fine-tuning to meet the unique needs of an enterprise,” noted Chris Wright, CTO and SVP of Global Engineering at Red Hat.

Tweaking What Tech Partners Need

Industry analyst firm IDC predicts that by 2025 a large majority (75%) of organizations will favor technology partners that provide a consistent application deployment experience across cloud, edge, and dedicated environments.

Service Interconnect helps solve cross-platform and multi-cloud communication challenges. With it, developers can add trusted, resilient connectivity between applications running on any Kubernetes cluster, virtual machine, or bare-metal host. They can stretch connections across any infrastructure without elevated privileges or advanced networking skills.

According to Lee Ross, head of technology at the Australia and New Zealand Banking Group, that approach has enabled the financial organization to jump to the forefront of innovative technologies.

“With Red Hat Service Interconnect, we were able to migrate our application services to the cloud with minimal downtime or changes while saving on costs. Additionally, our developers were able to continue to focus on what they do best — creating new applications — throughout the process,” Ross said in commenting on the announcement.

Plugging Supply Chain Vulnerabilities

Red Hat’s Trusted Software Supply Chain seeks to codify the company’s decades of experience in open-source software supply chains into easily-integrated and easily-consumed services, according to Raza.

The result will help “to not only build trust around production applications but also bring them to market more quickly,” he said.

It will provide customers with the most extensive trusted content library in the industry and will allow customers to:

  • Import git repositories and configure container-native continuous build, test, and deployment pipelines via a cloud service in just a few steps;
  • Inspect source code and transitive dependencies;
  • Auto-generate Software Bill of Materials (SBOMs) within builds; and
  • Verify and promote container images via an enterprise contract policy engine that helps confirm consistency with industry standards like Supply Chain Levels for Software Artifacts (SLSA).

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.

1 Comment

  • Great to see an OS trying to fix flaw rather than creating new stuff like eye candy. I understand developers want to develop, but what use is flawed software?
