258 Views

Wind River Bolsters Container Security in VxWorks

LinkedIn Facebook X
November 01, 2023

Get a Price Quote

Wind River, a leading provider of real-time operating systems (RTOS), has announced the addition of Sigstore's Cosign to its container engine within VxWorks. This move aims to enhance the security of software deployment and management using containers.

Containers have become increasingly popular in mission-critical industries such as automotive, aerospace, defense, and industrial sectors. They offer a software-defined approach that helps advance these markets. Avijit Sinha, the Chief Product Officer at Wind River, stated, "Our support for Cosign is helping teams further strengthen secure application deployment and updates."

The Wind River real-time embedded container engine, which was initially released in 2021, follows the OCI (Open Container Initiative) specifications for packaging, distribution, runtime, and runc under the CNCF (Cloud Native Computing Foundation). In 2022, the engine added support for the overlay file system to enhance application isolation. Additionally, it includes an embedded kubelet for Kubernetes.

While secure access to the registry and applications was already provided, the integration of Cosign enables the handling of signed containers. This feature simplifies the signing and verification process by leveraging existing development infrastructure, such as cloud-managed KMS and container registries. Wind River emphasized that teams no longer need to rely on bespoke tools and workflows, reducing risks by utilizing open standards, known workflows, tools, and infrastructures. This allows for the deployment, operation, management, and updates of real-time software for an RTOS, similar to Linux.

With the addition of Sigstore's Cosign to its container engine, Wind River is taking a significant step towards enhancing the security of software deployment and management in critical industries. By leveraging existing development infrastructure and open standards, teams can streamline their workflows and reduce risks associated with container deployment. This move further solidifies Wind River's commitment to providing reliable and secure solutions for real-time operating systems.

Recent Stories