January 25, 2024 at 11:48AM
The growing use of open source software expands into the AI market. Venafi offers Stop Unauthorized Code Solution for traditional OSS, while Protect AI’s Guardian secures open source machine learning models. Both products aim to tackle the unique security challenges of their respective markets. They operate as crucial security measures to protect systems and networks.
From the meeting notes, it is clear that the use of open source software is expanding into the AI market, presenting new challenges for securing traditional OSS supply chain and new AI model software supply chain. This has led to the development of two new products: Venafi’s Stop Unauthorized Code Solution targeting the traditional OSS market, and Protect AI’s Guardian tackling the new open source machine learning model market.
Both products emphasize the need for proactive steps to secure open source software supply chains due to the enduring threat from OSS supply chain, despite some doubts over the effectiveness of SBOMs in solving unique OSS problems.
Venafi’s Stop Unauthorized Code Solution combines CodeSign Protect and CodeGuard Service to assure OSS code integrity, authorize its use, and block unauthorized code. This is presented as a crucial step to prevent malware attacks and zero-day exploits.
On the other hand, Protect AI’s Guardian product targets the security risks posed by the growing democratization of AI/ML models, particularly from platforms like Hugging Face, which introduces the unintended spread of malicious software among users. Protect AI has introduced ModelScan and now Guardian to enforce security measures for AI models, aiming to act as a secure gateway and provide comprehensive insights into model origins, creators, and licensing.
In summary, both products offer solutions to secure the open source software supply chain, with Venafi focusing on the traditional OSS market and Protect AI addressing the emerging open source AI code vector.