JFrog Ltd. announced Pyrsia, an open source software community initiative that utilizes blockchain technology to secure software packages (a.k.a. binaries) from vulnerabilities and malicious code, has become an incubating project under the Continuous Delivery Foundation (CDF). Working together, JFrog and the CD Foundation will ensure Pyrsia grows its backing and engagement through the use of a centralized governance model, defined roadmap, and broad representation within the wider technology and open source communities.
Open-source is everywhere, a critical element of nearly every technology in use today.
This also makes it one of the greatest threat vectors. Cyberattackers are increasingly looking to exploit weak chinks — such as critical vulnerabilities, misconfigured services or leaked secrets — across the software supply chain.Â
“The myriad tools and processes, not to mention the huge amounts of open-source libraries and binaries, all introduce opportunities for accidental and nefarious injection of risk,” said Stephen Chin, VP of developer relations at software supply chain security company JFrog.Â
At the KubeCon + CloudNativeCon North America conference this week, JFrog announced it contributed the Pyrsia project, which uses blockchain technologies to secure software packages, to the Continuous Delivery (CD) Foundation.
Stephen Chin, vice president of developer relations at JFrog and governing board member for the CD Foundation, said the goal is to increase the number of contributors to the project. Current contributors to the Pyrsia project include Docker, Inc., DeployHub, Futurewei and Oracle.