EX200 outline - Red Hat Certified System Administrator (RHCSA)

Red Hat Inc. is betting that software development organizations will be willing to pay for the lessons it has learned over 30 years of working with open-source software at a time when software supply-chain attacks are proliferating.

At its annual Red Hat Summit conference today, the company is launching Trusted Software Supply Chain, an offering that consists of two new cloud services called Red Hat Trusted Application Pipeline and Red Hat Trusted Content.

Software supply chain attacks occur when malicious code is inserted into software from a trusted provider, typically during the distribution or update process. The problem has gained particular urgency with the rapid adoption of open-source code, which is now found in nearly every software package regardless of license.

A 2022 analysis of more than 2,400 commercial code bases by Synopsys Inc. found that 97% contained open-source components and 81% had at least one vulnerability. Nearly nine in 10 applications included components that had not been updated in more than two years.

‘Few guardrails’

“We live in a world where there are few guardrails; developers can pull content from unverified sources put it in your pipeline, deploy to production and now you have a vulnerability or a potential vulnerability down the line,” said Sarwar Raza, general manager of cloud services at Red Hat.

Noting that supply chain attacks have skyrocketed by more than 740% annually over the past three years, Red Hat said it will provide a catalog of more than 10,000 trusted packages that run on Red Hat Enterprise Linux alone as well as a catalog of critical application runtimes across Java, Node and Python ecosystems.

Trusted Application Pipeline is based on Sigstore, an automated approach to digitally signing and checking software components to verify origins and authenticity that its developers say is nearly impossible to sabotage. The pipeline is a continuous integration/continuous delivery mechanism that simplifies the adoption of the same processes, technologies and expertise that Red Hat uses to build production software.

Customers will be able to use the Trusted Application Pipeline to import git repositories and configure container-native continuous build, test and deployment pipelines via a cloud service, inspect source code and transitive dependencies, automatically generate software bills of materials within builds and verify and promote container images via an enterprise contract policy engine that helps confirm consistency with industry standards like Supply chain Levels for Software Artifacts.

SBOMs are increasingly being used to protect against supply chain attacks and were cited in the Biden Administration’s May 2021 Executive Order on Improving the Nation’s Cybersecurity as critical to securing software supply chains. The National Institute of Standards and Technology, Food and Drug Administration and several European governments now strongly encourage their use.

Safe catalog

Red Hat Trusted Content, which will be available as a service preview within a few weeks, will provide real-time knowledge of known vulnerabilities and security risks within open-source software dependencies. It will also suggest ways to minimize risk and provide access to Red Hat-built and curated open-source software using the company’s internal best practices.

“We’re basically making explicit the proof points of trust for all of the thousands and thousands of open-source packages, that that you can get from Red Hat today,” Raza said. “We want to be able to provide customers with the added assurance that the bits they’re deploying are, in fact, safe and secure, and if a vulnerability does show up later on, we can point them to the best sources of content and remediation and intelligence to fix those issues.”

In short, the Trusted Supply Chain offering will enable developers “to provide provenance information to your customers about the software you just built the same way that we do at Red Hat,” said Sudhir Prasad, a Red Hat director of product management.

The company believes it is uniquely positioned to deliver on its promise because of its decades of experience, he said. Competitors “don’t necessarily have the established trust and library of content and information about all that content to solve a big problem,” he said.

Managed Kubernetes security

Also in the security realm, Red Hat today is introducing an Advanced Cluster Security Cloud Service that delivers security capabilities native to the Kubernetes software container orchestrator as a managed cloud service. The offering is independent of the underlying Kubernetes platform and can be deployed in minutes, the company said.

It supports Red Hat OpenShift on private and public clouds as well as Kubernetes services across major cloud providers, including Amazon Web Services Inc.’s Elastic Kubernetes Service, Google LLC’s Kubernetes Engine and Microsoft Corp.’s Azure Kubernetes Service.

Developed by container and Kubernetes threat detection company StackRox Inc., which Red Hat acquired two years ago, the service builds Kubernetes-native security into the entire application and platform lifecycle and helps organizations evolve the agile DevSecOps discipline, in which security is integrated into developer tooling and workflows, the company said.

Photo: Pixabay

Emerging technologies include a variety of innovations such as information technology, nanotechnology, robotics, and artificial intelligence.

Red Hat Inc. has created long-term investments from the office of the CTO. Emerging Technologies and other Red Hat internal departments are creating new projects, such as Kelper, to combat the current resource usage needed to complete automated tasks. 

“This is a project that’s basically about correlating power usage and consumption down to various, like the application and just different components within the application,” Stephen Watt, distinguished engineer and head of the office of the chief technology officer at Red Hat, said. “So, you really sort of know what’s consuming the most power, and then you’re able to take that information and make smart scheduling decisions to have things run more optimally in other places.” 

As the explosion of AI and ChatGPT continues throughout the industry, the majority of software infrastructures are proprietary. With Red Hat being a leading open-source software company, their desire and curiosity to apply the benefits of open source to AI is coming to fruition.

“And so I think, to me, that’s actually an area where Red Hat’s looking at getting more involved in the office of the CTO, and in our emerging technologies group is specifically trying to accelerate the open large language models as well as the smaller models,” Watt said.

Watt spoke with theCUBE industry analyst  John Furrier and Rob Strechay at Red Hat Summit, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Red Hat seeks to optimize resource usage in automated tasks by correlating power usage and consumption, while also focusing on applying the benefits of open source to AI and accelerating open large language models. (* Disclosure below.)

Projects on the Roadmap

The future of the existing Red Hat project, Kepler, is making progress by reducing error rates. In parallel, quantum has momentum in the roadmap as well.  Watt believes that post-quantum cryptography is the ability of a quantum computer one day being able to crack current encryption. He also commented on another project, Sigstore. 

“If you look at Kubernetes as the nucleus of the cloud-native ecosystem, Sigstore is the nucleus of the secure software supply chain ecosystem, that’s a big one,” Watt said. “That was created and invented in our team at Red Hat. So, I think Kepler is our new hit.”

The office of the CTO is working diligently to provide relatable services to their customers through a transparent process. The team’s primary function is pathfinding: a collaborative group helping to define the future.

“We’re also an engineering group that basically runs all the prototypes to sort of iterate up using the empirical method to get to validate our hypotheses. And so some of this is emerging technologies where we’re actually building the prototypes,” Watt added.

Transparency is key in open-source software and platforms. In this regard, Red Hat has a one-stop view of its roadmap available to the public.

“We have like emerging technologies, it is a website called next.redhat.com,” Watt said. “So, you can go there and see what they’re working on.” 

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Red Hat Summit:

(* Disclosure: Red Hat Inc. sponsored this segment of theCUBE. Neither Red Hat nor other sponsors have editorial control over the content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

Tammy Cooper says Irvine-based Technologent, which has enjoyed more than 20% growth in annual revenue in accurate years, is strategically hiring and investing to make the IT firm recession-proof.

The new hires include some of those who have been hit by the wave of layoffs elsewhere in the tech industry.

“We strategically hire for a need,” Cooper told the Business Journal on May 12. “That’s why we’re not doing cutbacks.”

She added: “We have plans for investment and growth, hopefully recession-proof.”
Cooper was one of five honorees at the Business Journal’s CFO of the Year Awards on May 11 at the Irvine Marriott, and received an award in the Lifetime Achievement category.

Her company provides edge-to-edge information technology solutions and services for Fortune 1000 companies.

Cooper, who is also the company’s CEO and chairman, is responsible for overseeing all financial operations, including budgeting, forecasting, and financial reporting.

Women in Business

It’s the second accurate Business Journal accolade for Cooper; last October she was one of the honorees at the 28th annual Women in Business Awards.

The firm’s headcount is now 265 employees, according to Cooper. Ninety of them are in Orange County, she said, with the rest at various locations.

Technologent’s headquarters are at the 100 Spectrum Center Drive tower. In addition to Irvine, it has 13 offices in the U.S., including San Diego and Las Vegas.

It has international locations in seven countries, including Canada, Mexico and India.
Despite the accurate batch of awards, she stays almost modest about her achievements.

“I’m just working behind the scenes to help my company,” according to Cooper, who became CEO and CFO simultaneously in 2020.

Cooper has six children, all of them out of the house, and she summarizes the advice she has always had for them.

“Pick a goal and everything is achievable if you work toward it,” Cooper said. “Don’t think anything is impossible. Work your way and go for your dreams.”

She acknowledges that her industry is still dominated by men.

As of May 17, Technologent had nine job openings posted on its website, including Red Hat administrator in Phoenix and Senior System Engineer in Portland, Ore.

Global Provider

The 21-year-old Technologent helps clients outpace the new digital economy by creating IT environments that are “agile, flexible, efficient, transparent and secure,” using a variety of hybrid infrastructure, automation, security and data management products.

Owner Tom Gallaway founded Technologent as a Sun Microsystems reseller, selling $9 million in its first year with a single sales representative.

Cooper holds a Bachelor of Business Administration in accounting from Cleveland State University and later moved to Orange County.

She began her career as an accountant working in the steel industry in Cleveland and rose through the ranks over the years prior to moving to Irvine.

She is also involved in philanthropy by participating in Girl Scouts at a local and national level, Jeremiah Society and Meals on Wheels.

Leaders in Oklahoma are taking aim at environmental, social, and governance (ESG) policies embraced by federal agencies in Washington D.C., coming together to push back against what they say are "woke" financing companies that discriminate against the state's energy producers.

"The Oklahoma Energy Producers Alliance (OEPA) has joined with State Treasurer Todd Russ as he takes steps to withhold state funds from woke institutions that discriminate against making oil and gas and agriculture business loans," reads a press release by OEPA Wednesday.

The release comes after Russ announced a crackdown earlier this year on lenders that violate Oklahoma's new anti-ESG law, which is designed to punish companies who discriminate against fossil fuel industries.

ESG financing has become increasingly controversial in accurate years, with major financial institutions leading a charge that have cut off traditional energy producers from vital sources of capital. ESG investing uses non-financial standards such as a company's environmental or social impact in financial decision-making

GOP WARNS INSURANCE COMPANIES ON ESG POLICIES: ‘AMERICANS ARE PAYING THE PRICE’

There were more than 600 ratings systems in global use as of last year, giving companies scores on environmental factors such as contributing to climate change and greenhouse gas emissions, social factors such as how a company interacts with the community, and governmental factors such as how a company is run.

The use of ESG ratings is big step away from traditional lending and investment decisions, which traditionally factored a businesses' ability to be profitable.

While adopting ESG policies is a choice for private companies, critics have charged that smaller firms have been bullied into using the metrics by major Wall Street corporations that have prioritized "woke" policies. The policies have also been pushed by the Biden administration, with the Labor Department announcing last year rules that remove barriers for companies that want to consider climate change or other social and environmental factors in their investment decisions.

Multiple federal agencies have followed suit, with the Federal News Network reporting last year that roughly 20 federal agencies have adopted some form of ESG strategy. Meanwhile, President Biden has signed nearly 30 executive orders related to ESG.

Earlier this year, a bill led by Congressional Republicans seeking to prevent pension fund managers from basing their decisions on factors such as climate change was vetoed by Biden, who argued the legislation would have put the retirement savings of millions of Americans at risk.

GOP BILL TAKES ON ESG BANKING RULES TO LIMIT ‘WOKE’ INVESTMENT DECISIONS

The reality has caused states such as Oklahoma to take matters into their own hands, with Russ arguing the new legislation is designed to protect the state's vital industries.

"I definitely am opposed to anyone discriminating against Oklahoma industries and American industries, especially oil and gas, energy, agriculture, those kinds of things," he told Politico in an interview earlier this year.

Russ has recently taken more action on that front, announcing a list of 13 of the largest financial companies in the country that have been blacklisted from doing business with the State of Oklahoma earlier this month, according to a report from the Southwest Ledger.

"The energy sector is crucial to Oklahoma’s economy, providing jobs for our residents and helping drive economic growth," Russ said of the move. "It is essential for us to work with financial institutions that are focused on free-market principles and not beholden to social goals that override their fiduciary duties."

Russ' actions have gained the approval of the OEPA, which advocates on behalf of the state's oil and gas companies.

21 STATES THREATEN BANKS WITH LEGAL ACTION OVER WOKE POLICIES: 'STAY IN YOUR LANE'

"This is a courageous action by our State Treasurer and a win for Oklahoma producers," OEPA Chairman and Owner of Kingery Energy in Ardmore, Oklahoma David Little said in the OEPA press release. "It is essential that the 3000 Small Business oil and gas producers in Oklahoma and the thousands of farmers and ranchers in our state have access to bank financing. Treasurer Russ’s actions will help ensure that institutions in Oklahoma put the interest of Oklahoma agriculture and oil and gas businesses over the woke policies of the Biden Administration."

Mike Cantrell, who serves on the OEPA board of directors, told Fox News Digital that the Biden administration has "weaponized" ESG to pursue a political agenda.

"I have seen the effect of the executive branch weaponizing agencies under their direction to fulfill their political and ideological agenda," Cantrell said. "There's no question the direction that this administration is taking using federal agencies at their disposal through executive order, is basically to eliminate the finding and production of fossil fuels in America."

Cantrell, who has also served on the board of a community bank for about 30 years, said he has seen federal overreach first hand. 

"If you're supporting the wrong cause, next thing you know you get some inquiry from a federal agency that you wouldn't normally think about getting an inquiry from about practices," he said.

REPUBLICAN STATES ARE PLANNING AN ALL-OUT ASSAULT ON WOKE BANKS: 'WE WON’T DO BUSINESS WITH YOU'

Cantrell said that oil and gas loans used to represent about 60% of the loans his bank had on the books, but through "stern direction" by "federal regulatory authority," the number has been cut in half to 30%.

The new reality has made it increasingly difficult for traditional energy companies to access capital, a problem not faced by the renewable energy sector, which is heavily subsidized by the federal government. That lack of access to capital makes it more difficult for companies to explore and produce oil and gas, slowly driving them out of business.

"Banks are being told and financial institutions are being told that they've got to embrace the philosophy of discriminating against fossil fuel companies in their lending practices," Cantrell said, who compared it to a "death by thousand cuts strategy."

Cantrell also warned that green energy alternatives are not yet ready to handle the energy demands of Americans, yet traditional energy companies are being pushed out. If that trend continues, the result could be massive spikes in gas prices and widespread brownouts across the country to preserve the grid.

"We're going to have rolling brownouts across America," Cantrell said, adding that prices will rise and the effect will also be felt by Americans at the gas pump as well.

CLICK HERE TO GET THE FOX NEWS APP

That harm could cut even deeper in Oklahoma, where oil and gas are one of the state's largest industries, the OEPA noted in the release, urging Russ to continue to pushback against "woke policies" such as ESG.

"We are fully aware of the pressure being applied to Treasurer Russ by many of the big National banks and mostly out of state big oil companies who have bought into the woke policies being promulgated using the FDIC and other weapons of the Executive Branch through ESG (Environmental, Social, Governance) policies," former OEPA Chairman Dewey Bartlett said in the release. "We stand with Todd Russ in his commitment to make sure that those institutions that get to invest pension funds and other monies under the Treasurers purvie do not receive billions of dollars if they continue to discriminate against Oklahoma’s two biggest industries."