
Edera today revealed it is making Sprout, a bootloader built using the Rust programming language that makes operating systems more secure, available under an open source license.

Company CTO Alex Zenla said that, unlike legacy bootloaders written in C or other legacy programming languages, the much thinner Sprout eliminates entire classes of memory safety issues, such as buffer overflows, which both reduces the attack surface and cuts the time it takes to load an operating system onto hardware to less than 50 milliseconds.

That latter issue has become more significant as more graphics processing units (GPUs), which today take a long time to boot, are added to IT environments, noted Zenla.

Edera, a provider of a hypervisor designed to isolate and better secure container images running on Kubernetes clusters, developed Sprout to address those issues within its own platform. Sprout, in effect, provides IT teams with a manifest through which they can more easily automate the booting of operating systems without having to build and maintain scripts, she added. Instead, Sprout provides IT teams with a data-centric format that is both human and machine-readable and writable.

Sprout automatically detects and integrates the system configurations of existing bootloaders such as the GRand Unified Bootloader (GRUB) and is compatible with the systemd Boot Loader Specification (BLS).

Sprout is designed to configure the Edera hypervisor dynamically at boot time, but it's not clear how quickly IT teams might be willing to abandon legacy bootloaders.

In general, there is a push to replace legacy tools with more memory-safe tools written in languages such as Rust. Memory-safe programming languages are designed to prevent common memory-related vulnerabilities and errors, such as buffer overflows and dangling pointers, by enforcing, for example, a set of strict garbage collection rules. They also provide capabilities such as array bounds checking and type safety to limit access and prevent memory corruption.

The challenge, of course, is that when it comes to transitioning to new programming languages, progress is usually measured in years. As a result, many IT organizations will continue to deploy applications written in legacy programming languages that are not as secure as Rust for many years to come. More challenging still, modernizing legacy applications written in those legacy programming languages will, even with the aid of artificial intelligence (AI) tools, require years.

In the meantime, however, IT teams might want to start adopting new tools written in languages such as Rust to at the very least accelerate the process of replacing tools that many cybercriminals are capable of easily exploiting. The challenge, as always, is that many IT administrators have tools they have been using for years. Convincing them to give those tools up in the name of improving security is not always an easy conversation. Fortunately, the latest generation of tools being provided also appears to be both faster and simpler to use, so there is hope.

The issue then becomes making a concerted effort to overcome the amount of inertia and resistance that is always encountered whenever there is a need for change.
