back to article Google dishes out homemade SLSA, a recipe to thwart software supply-chain attacks

Google has proposed a framework called SLSA for dealing with supply chain attacks, a security risk exemplified by the recent compromise of the SolarWinds Orion IT monitoring platform. SLSA – short for Supply chain Levels for Software Artifacts and pronounced "salsa" for those inclined to add convenience vowels – aspires to …

  1. Claptrap314 Silver badge


    "By making it possible to write parts of the Linux kernel in Rust, which is memory-safe, we can entirely eliminate memory safety vulnerabilities from certain components, such as drivers."

    Well, that kinda opens the door to finally making use of ring 1 after...30 years?

    Seriously, how many bugs has the Linux kernel had due to memory safety issues outside of drivers?

    I've seen the LK. Pre-SPECTRE, you could argue that bounds checking was cheap enough to be promiscuous about it. No more.

    Rustifying the LK is a solution in search of a problem.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021