Open-source initiative Pyrsia fuels up to boost trust in software supply chain


Open-source is everywhere, a critical element of nearly every technology in use today. 

This also makes it one of the greatest threat vectors. Cyberattackers are increasingly looking to exploit weak links — such as critical vulnerabilities, misconfigured services or leaked secrets — across the software supply chain.

“The myriad tools and processes, not to mention the huge amounts of open-source libraries and binaries, all introduce opportunities for accidental and nefarious injection of risk,” said Stephen Chin, VP of developer relations at software supply chain security company JFrog.

The open-source software initiative Pyrsia was introduced in May 2022 to help address this pervasive problem. It utilizes blockchain technology to secure software packages from vulnerabilities and malicious code.

To further its mission and foster broader adoption, Pyrsia is now an incubating project under the Continuous Delivery Foundation (CDF). JFrog, which launched Pyrsia with other industry leaders, made the announcement today at KubeCon.

“Pyrsia aims to provide a tool to establish and verify trust in the software delivery world,” said Chin, who is also a governing board member for the CDF.

He added that “we believe that open-source security will only be successful if we provide the community with the same tools and services that are available to enterprises.”

Open source: Convenient, but easy to exploit

Recent research from Synopsys shows that open-source libraries and components make up more than 75% of the code in the average software application. Furthermore, the average software application depends on more than 500 components. 

As Chin noted, these open-source dependencies are convenient, but they also present new vulnerabilities for threat actors to exploit. 

Cybercrimes cost the global economy $6 trillion in 2021 — and this figure is expected to increase to $10.5 trillion by 2025. Gartner research reveals that 89% of companies experienced a supplier risk event in the last five years, and a study from Argon Security indicates that software supply chain attacks grew by more than 300% between 2020 and 2021.

“Open source is everywhere,” said Chin, “and while it has always been seen as a seed for innovation and modernization, the recent rise of software supply chain attacks has made every organization vulnerable.”

He identified three software supply chain security threats: unintentional vulnerabilities, intentional vulnerabilities and malicious software packages. And, unlike vulnerabilities that require exploitation, malicious software packages include malicious code that, when run, performs unwanted actions and activity.

Verifying trust

Chin described Pyrsia as an open source-based, decentralized, secure build network and software package repository that provides developers with a digitally signed, immutable chain of evidence for their code. 

Using certified and peer-verified builds, it aims to build trust for open-source packages being used as dependencies in software development. It provides a decentralized package network that understands package coordinates, semantics and discoverability. 

Pyrsia integrates with existing package management systems so that developers can certify their software components without forgoing compatibility, security or efficiency, according to Chin. It also continues to work even if there are local outages.

“We’ve recently learned as an industry that no one is safe from cybercriminal activity, particularly when bad actors inject malicious packages into central repositories, wreaking havoc on downstream systems and applications,” said Fatih Degirmenci, executive director of the CDF. Pyrsia “puts the power back in the hands of developers and, ultimately, accelerates innovation.”

Blockchain: An immutable ledger

Asserting dependencies requires a reliable and verifiable log that is written once, read many times, and has entries that are immutable, Chin explained. Trust also demands a database that is tamper-proof and guarantees the discovery and resolution of malicious additions.

And blockchain technology has proven to be one of those immutable databases, as Chin explained, adding that blockchain implementation requires a consensus mechanism based on Byzantine Fault Tolerance (BFT) — a system’s ability to continue operating even if some nodes fail or act maliciously.

This ensures that there is security against a takeover of the network, according to Chin, with consensus for each block of data committed. BFT algorithms are resilient against attacks spanning the network and can tolerate up to one-third of network failures. 

Blockchain provides a scalable provenance log, and is best suited for large amounts of chained data distributed across wide networks (as evidenced in its success in the cryptocurrency world).

The technology can improve the state of the software supply chain by providing transparency into how open-source software is being built on the network, as Chin explained. 

“This transparency is aimed to give developers the confidence to use the open-source library in their production environments,” he said. 

JFrog and other open-source technology leaders — Docker, DeployHub, Futurewei and Oracle — collaborated to officially launch Pyrsia earlier this year. They have since helped to create opportunities for cross-project collaboration within the CDF to interlink secure packages with community tools, explained Chin. 

Now, by working together, JFrog and the CDF will ensure that Pyrsia grows its backing and engagement through the use of a centralized governance model, defined roadmap, and broad representation within the wider technology and open-source communities, explained Chin. 

“We’re grateful for the help of our industry partners and the community for joining us in securing open-source so it can remain a true fountain of innovation,” he said. 

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.


The best mini dash cam is still down to its record-low Cyber Monday price

One of Cyber Monday’s best dash cam deals was a lowest-ever price on the Garmin Dash Cam Mini 2 – and that offer is still available at Amazon, for now.

We rate the Dash Cam Mini 2 as the best compact dash cam you can buy and it’s also one of the best-value ones around thanks to Amazon’s 15% off deal, which takes it down to $109.99 (from its usual $129.99).

We’d expected the Cyber Monday deal to have gone by now, but it’s still going strong today. It isn’t clear how long it’ll be available for, though, so if you need a dash cam that just does the basics and shoots good-quality 1080p video, we’d suggest picking it up sooner rather than later.

In our review of Garmin’s tiny dash cam, which is about the size of a key fob, we praised its “focus on simplicity”, along with its “high-quality HD footage and useful set of voice control commands”.

Today’s best dash cam deal

While the Garmin Dash Cam Mini 2 lacks premium features like 4K video recording or a rear screen, we think it nails the basics and offers great value, particularly in this post-Cyber Monday deal.

Because it’s tiny and weighs only 35g, it can hide away discreetly behind your rear-view mirror, which makes it particularly suitable for small cars. In our tests, we were also impressed with the quality of its 1080p video and 140-degree field of view, plus the handy voice controls.

And while the Dash Cam Mini 2 does also lack GPS, we found the Garmin Drive app – which is an important part of the dash cam experience – to be very polished and user-friendly. We had no issues with connecting it to the dash cam, which is where some models can slip up, and it’s free for iOS and Android phones.

Looking for a more traditional camera to help shoot photos and video outside your car? Check out our broader round-up of the best Cyber Monday camera deals that are still going. 

Mark is the Cameras Editor at TechRadar. Having worked in tech journalism for a ludicrous 17 years, Mark is now attempting to break the world record for the number of camera bags hoarded by one person. He was previously Cameras Editor at Trusted Reviews, Acting editor on Stuff.tv, as well as Features editor and Reviews editor on Stuff magazine. As a freelancer, he’s contributed to titles including The Sunday Times, FourFourTwo and Arena. And in a former life, he also won The Daily Telegraph’s Young Sportswriter of the Year. But that was before he discovered the strange joys of getting up at 4am for a photo shoot in London’s Square Mile. 

Apple’s App Store Awards 2022 brings surprises and VR hype for next year

Apple has announced the winners of the App Store Awards 2022, with BeReal – the new social platform that has you snapping and sharing a pair of photos (one from your phone’s front camera and one from the back camera) each day – taking the App of the Year award this year.

The App Store Awards is a yearly event where Apple recognizes developers and the apps they’ve created that have made the biggest impact on its users and the company. Whether that’s in social media, games or sport, they take advantage of the hardware and software that Apple’s recently brought out.

There were a bunch of games that were highlighted this year, such as Wylde Flowers and Inua winning the Apple Arcade game of the year and Cultural Impact award respectively, while GoodNotes 5, developed by Time Base Technology Limited, took the iPad App of the Year award.

It’s interesting to spot that there are 16 winners here, rather than the 15 of previous years – that’s because there’s a new ‘China Game of the Year’ added to the roster, which only shows the breadth of how one country is making an impact on the App Store.

With this in mind, TechRadar reached out to the developers of Wylde Flowers, Gentler Streak and Inua about plans for their apps in the near future, after winning these awards from Apple.

Apple’s App Store shows no sign of slowing down

Available on Apple Arcade, Wylde Flowers is a game reminiscent of Animal Crossing and Stardew Valley, where you control the protagonist, Tara, building and running a farm during the day while also moonlighting as a witch during the night.

Developed by Studio Drydock, the developers told us that they were proud to receive the Apple Arcade game of the year, but that there’s also an upcoming update called ‘Endless Seasons and Romance’ – due for a December release – which will feature different weather effects and new content that players will be able to enjoy.

We asked the team if they would also include the ability to finally customize Tara, and while they said that they were aware of this request from many players, it wasn’t something that they were considering for the time being.

Inua is a time-traveling adventure game that makes for an immersive time on iPhone and iPad, and while developers Arte Experience told us that a version of the game appearing on Apple TV would make for a good next step when we suggested it, they didn’t confirm whether this expansion would be in the game’s future.

Alongside this, Gentler Streak achieves the unique task of encouraging you to work out in a calm and concise way, with useful information inside a well-designed app. The team also confirmed that Live Activities – a feature from iOS 16.1 that allows widgets to show live updates on the Lock Screen – is coming to a future update of the app, alongside adding photos to workouts and more complications to the watchOS app.

Overall, it’s encouraging to see so many varied apps earning awards this year, although it would be nice to see another award that highlights accessibility; either as a separate award or included as a mention as part of other awards.

Regardless, with rumors of an Apple VR headset allegedly debuting in 2023, we could see a completely different App Store Awards next year. It’s a good time to be an Apple user, with the innovation that these independent developers are still bringing to the table, almost 15 years since the App Store debuted, alongside the iPhone 3G, back in 2008.

Daryl had been freelancing for 3 years before joining TechRadar, now reporting on everything software-related. In his spare time he’s written a book, ‘The Making of Tomb Raider’, alongside podcasting, and is usually found playing games old and new on his PC and MacBook Pro. If you have a story about an updated app, one that’s about to launch, or just anything software-related, drop him a line.

PwC report: 81% of executives anticipate a recession within the next six months

Leading through turbulent times has become far too familiar for leaders; PwC’s new report found 90% of executives are concerned about macroeconomic conditions, including the Federal Reserve’s tightening cycle, higher cost of capital, and wages not keeping up with inflation. However, 82% remain confident about their ability to execute on digital transformation initiatives and 77% are confident they can achieve near-term growth goals.

Inflation is a looming threat, but large budget cuts can create the exact precarious situation companies hope to avoid. Rather than acting swiftly, the survey found executives are focused on planning for the potential timing and severity of a recession.

Executives are thinking about how to cut costs without reducing headcount, such as using automation and managed services for efficiency. CIOs still plan to invest in digital transformation.

Implementing strategies for recession-proofing

Along with inflation fears, executives are worried about wage growth not keeping up with rising costs, and plan to reduce the number of full-time employees as a result. In fact, 81% of CHROs plan to implement at least one tactic to reduce their workforce, such as layoffs, voluntary retirement or not replacing people who leave on hiring freezes.

The state of hybrid work remains a topic among executives. Two-thirds are concerned with a slower-than-expected return to work. Many seek to implement on-site training, coaching and mentoring opportunities to attract employees. Executives are challenged to rethink the role of the office by creating a culture that fosters in-office participation.

While fears of a recession loom, not all hope is lost. Leaders are focused on growth and looking to enter a possible recession healthy and exit healthier. While conscious of their cost structure, it’s part of a bigger conversation about how they will transform their businesses for the future, rather than a knee-jerk reaction to current economic conditions. How well and how quickly they are able to execute will determine the outcome.

Effective strategic planning, investment in growth and continuous flexibility will see companies through growing concerns.

PwC’s report surveyed more than 650 business executives, including 91 CFOs and 94 CHROs.

Read the full report by PwC.

Copyright © 2022 Xanatan