
Red Hat Summit Focuses on Fixing Open-Source Code Flaws

75% of all application code bases are open-source, a sign of the widespread use of open-source technology in every industry. This adoption has been particularly widespread in the software supply chain, where attacks increased by 742% between 2020 and now.

The Red Hat Software Summit, held in Boston this week, is largely focused on three products that are designed to address government regulations and growing demands for enhanced software security.

Security & AI Initiatives

OpenShift AI, the company’s AI platform, is at the center of its major announcements, alongside Red Hat Service Interconnect and Trusted Software Supply Chain.

OpenShift AI is the foundation of the generative AI services offered by Watsonx.ai, IBM’s artificial-intelligence platform, which is designed to scale intelligent apps and services across the enterprise. It fuels the next generation of foundation models.

To train large language models like GPT-4 or LLaMA, you need a specialized infrastructure and tools. OpenShift AI solves these challenges by providing consistency in infrastructure across training, deployment and inference.

Service Interconnect simplifies application connectivity and security between platforms, clusters and clouds. Based on the open-source Skupper project, it allows developers to establish trusted connections between services, apps, and workloads in different environments, without the need for complex network configurations or elevated security permissions.


Trusted Software Supply Chain increases resilience against software supply chain vulnerabilities. It is designed to work with two new cloud-based services, Red Hat Trusted Application Pipeline and Red Hat Trusted Content, in order to promote the adoption of DevSecOps and integrate security into all stages of software development.

IT organizations can no longer focus only on their production applications, according to Sarwar Raza, vice president and general manager for Cloud Services at Red Hat. He says that they must also enhance the security of the components that are part of the final product.

He said that CIOs face a number of challenges, including verifying the provenance and quality of open-source software components and ensuring robust delivery and development practices.

Artificial Intelligence Guardrails: How to Build them

OpenShift AI helps remove these barriers by providing a standardized basis for creating AI/ML models in production and running the resulting applications. Red Hat OpenShift will be able to deliver ease of use, consistency and cloud-to-edge deployment options.

Red Hat's AI platform offers several technology partner offerings, including Anaconda, IBM Watson Studio, Intel OpenVINO and AI Analytics Toolkit, Pachyderm and Starburst. OpenShift also offers access to more than 30 AI/ML-certified partner companies.

Chris Wright (CTO and SVP Global Engineering, Red Hat) noted that “Foundation Models provide real, tangible benefits for enterprises when it comes to harnessing the benefits of AI. But they still require investments in training and customizing to meet unique enterprise needs.”

The Tech Partners Need to Tweak What They Need

Industry analyst firm IDC predicts that by 2025, the majority (75%) of organizations will choose technology partners that offer a consistent deployment experience across cloud-based, edge-based, and dedicated environments.

Service Interconnect solves cross-platform, multi-cloud communication issues. It allows developers to create resilient and trusted connections between applications running in any Kubernetes cluster, virtual machine, or hardware host. They can extend connections across any architecture without elevated privileges or advanced networking skills.

Lee Ross, the head of technology at the Australia and New Zealand Banking Group, said that this approach had enabled them to be on the cutting edge of new technologies.

“With Red Hat Service Interconnect we were able to migrate our application services into the cloud while saving costs and with minimal downtime. Additionally, our developers were able to continue to focus on what they do best — creating new applications — throughout the process,” Ross said in commenting on the announcement.

Plugging supply chain vulnerabilities

Raza reports that Red Hat’s Trusted Software Supply Chain is a service designed to convert the company’s decades-long experience in open-source software supply chains into services that are easy to integrate and consume.

He said that the result would help “not only build trust in production applications, but also bring them more quickly to market.”

The most comprehensive trusted content library available in the industry will be provided to customers.

  • In just a few simple steps, you can import git repositories and configure container-native continuous build, testing, and deployment pipelines, using a cloud-based service;
  • Check for transitive dependencies and source code;
  • Create Software Bill of Materials automatically within the builds;
  • The Enterprise Contract Policy Engine can verify and promote container images by confirming consistency with industry standards such as Supply Chain Levels for Software Artifacts.