Really cool news out of Chainguard today about Wolfi: it's memory safe!

Learn how we built the memory safety into the distro here: https://www.chainguard.dev/unchained/building-the-first-memory-safe-distro-wolfi

Thanks to Josh Aas & Internet Security Research Group for the collaboration on this one.

Memory safety vulnerabilities are responsible for the vast majority of critical, remotely exploitable, and in-the-wild attacks we see on software. According to Consumer Reports, 60 to 70% of browser and kernel vulnerabilities—and security bugs found in C/C++ code bases—are due to memory unsafety.

Through a combination of leveraging new libraries written in memory safe languages as soon as possible while being as safe as we can with libraries in unsafe languages, we believe that Wolfi is setting the standard when it comes to memory safety in distributions.

Latest from the brilliant @ariadne:

Understanding the relationship between FOSS and the “software supply chain”

https://www.chainguard.dev/unchained/understanding-the-relationship-between-foss-and-the-software-supply-chain

Her top 3 takeaways for software distribution:

🙅Nobody can prevent you from writing your own software
🗣️Consumers can ask you for things, but they can't require them
🤝If you want to distribute your software via a particular channel, you need to follow that channel's rules

Happy Friday the 13th! You know what's suspicious? The stale software likely running in your production environment 🤔

Chainguard's CTO Matthew Moore walks through a practice dubbed “Build Horizon” at Google that imposes a maximum age on build artifacts, and how you can leverage #ChainguardEnforce to detect violations of this policy.

https://www.chainguard.dev/unchained/conquer-your-build-horizon-with-chainguard-enforce-in-2023

You could say I've learned a few things since joining Chainguard.

Today, we published a blog post I wrote about the benefits of keyless software signing...

This was inspired after reading about the recent CircleCI & Slack security incidents.

Sneak peek at some of the *key* benefits I run through:

🔒 Improved security (obviously)
‍ 🔀 Enhanced traceability
‍ 🧘‍♀️ Increased flexibility
‍ 👥 Reduced reliance on individual team members

More: https://www.chainguard.dev/unchained/benefits-of-keyless-software-signing

Do you like keys, values and memes, and dislike CVEs? Try out the Chainguard #Redis image today!

https://www.chainguard.dev/unchained/chainguard-image-redis

Are SBOMs Any Good? Preliminary Measurement of the Quality of Open Source Project SBOMs

https://www.chainguard.dev/unchained/are-sboms-any-good-preliminary-measurement-of-the-quality-of-open-source-project-sboms

NEW: Chainguard Enforce now has support for the Rego Policy Language.

More dets on how to get started with it here: https://www.chainguard.dev/unchained/getting-started-with-rego-policies

#supplychainsecurity