Partner with usThis website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Wind River Bolsters Container Security in VxWorks
November 01, 2023
Wind River, a leading provider of real-time operating systems (RTOS), has announced the addition of Sigstore's Cosign to its container engine within VxWorks. This move aims to enhance the security of software deployment and management using containers.
Containers have become increasingly popular in mission-critical industries such as automotive, aerospace, defense, and industrial sectors. They offer a software-defined approach that helps advance these markets. Avijit Sinha, the Chief Product Officer at Wind River, stated, "Our support for Cosign is helping teams further strengthen secure application deployment and updates."
The Wind River real-time embedded container engine, which was initially released in 2021, follows the OCI (Open Container Initiative) specifications for packaging, distribution, runtime, and runc under the CNCF (Cloud Native Computing Foundation). In 2022, the engine added support for the overlay file system to enhance application isolation. Additionally, it includes an embedded kubelet for Kubernetes.
While secure access to the registry and applications was already provided, the integration of Cosign enables the handling of signed containers. This feature simplifies the signing and verification process by leveraging existing development infrastructure, such as cloud-managed KMS and container registries. Wind River emphasized that teams no longer need to rely on bespoke tools and workflows, reducing risks by utilizing open standards, known workflows, tools, and infrastructures. This allows for the deployment, operation, management, and updates of real-time software for an RTOS, similar to Linux.
With the addition of Sigstore's Cosign to its container engine, Wind River is taking a significant step towards enhancing the security of software deployment and management in critical industries. By leveraging existing development infrastructure and open standards, teams can streamline their workflows and reduce risks associated with container deployment. This move further solidifies Wind River's commitment to providing reliable and secure solutions for real-time operating systems.
Sign up for HardwareBee
Recent Stories
