TMCnet News

Fermyon First to Deliver Secure-By-Default Software Supply Chain for Serverless Apps
[November 01, 2023]

Fermyon First to Deliver Secure-By-Default Software Supply Chain for Serverless Apps


Fermyon Technologies, the serverless WebAssembly company, today announced Fermyon Spin 2.0, which implements the new WebAssembly Component Model to give developers unmatched security and productivity. With the integration of the WebAssembly (Wasm) Component Model, Spin 2.0 allows developers to implement software components written in multiple languages; makes available untrusted, third-party components that are, by definition, secure; and offers secure-by-default software supply chains.

With increasing pressure to deliver software faster than ever before and vulnerabilities in open source libraries on the rise, it is estimated that software supply chain attacks have increased 742% over the past three years (source: Security Week, Cyber Insights 2023). By leveraging the component model and the sandbox nature of Wasm, Spin 2.0 dramatically reduces attack surfaces and vectors, even those which import/export interfaces. Now, Spin offers security-by-default for developers, giving peace of mind regardless of what components are being utilized.

Spin 2.0 Key Benefits and Features:

  • Supply Chain Security: Because each WebAssembly module is sandboxed by default, running untrusted libraries is much safer with Spin 2.0. This gives developers greater assurance and makes it easier to construct safe and productive cloud-native application supply chains.
  • Faster Startup and Runtime: By enabling Wasmtime's pooling allocator, Spin 2.0 represents up to 10x improvement in concurrent processing speeds. For example, a full request for a simple function like "Hello World!" can now be completed in 500 microseconds (compared to 1-2 milliseconds previously).
  • Polyglot Programming-By-Default: Software teams face many choices when it comes to programming language - which impacts everything from future scalability and growth to overall performance and hiring talent. The Wasm Component Model was designed so that developers can fully utilize existing code bases and libraries regardless of language. With Spin 2.0 users benefit from this capability, significantly increasing developer productivity and organizational flexibility. For example developers can now link a Rust library into a JavaScript application or a Python lbrary into Go code, enabling true polyglot programming.
  • Serverless AI: With Spin 2.0, developers can bring a wide array of Large Language Models (LLMs), combine them with Fermyon's vector-enabled SQL Database, and use Spin's Key Value Store for caching. The powerful Spin SDK libraries make it easy to create AI-enabled applications with just a few lines of code.
  • Platform Agnostic: Spin 2.0 illustrates the WebAssembly promise as the first to achieve component model interoperability, giving developers freedom of choice when utilizing components and tools. Developers now have assurance that tools will work with Spin 2.0 and any Wasm environments that implement Bytecode Alliance standards.
  • Portability: For developers interested in the Wasm Component Model, Spin 2.0 can be run on top of major workload environments such as Kubernetes cluster, Fermyon Cloud, and Docker Desktop. Spin is the primary or supported WebAssembly development tool choice of Docker Desktop, Microsoft, Red Hat, and other leading cloud-native computing organizations. Spin binaries run in all Kubernetes and Docker environments.
  • Streaming: Spin 2.0 can be used for high performance data streaming implementations. With streaming, developers can return data as it is processed, a powerful feature when used for AI, video, audio, and large data transformations.



"Serverless has always held promise for developers because of its ease-of-use and automated deployment infrastructure. However, the promise has not lived up to reality, with operators having to be more involved in serverless deployments than expected, and the lack of language interoperability and secure software supply chains inhibiting development cycles," said IDC research director Lara Greden. "However, the application of Wasm to serverless is bringing the promise of serverless back into play, and has the potential to truly enable serverless as it ought to be."

Fermyon is the first company to implement the WebAssembly Component Model in an open source product as well as its own hosted cloud offering, Fermyon Cloud, thus increasing the security profile of Fermyon Cloud and any serverless application running on it.


"At Fermyon we are defining the next wave of cloud computing, and we're using WebAssembly to do it. As seasoned open source leaders, the Fermyon team has taken an active role in creating the standards under W3C and in writing the reference implementations. Spin 2.0 builds upon these standards to provide a developer-oriented production-grade serverless platform. Spin 2.0 and the component model create another giant leap towards this vision for all developers and development organizations," said Matt Butcher, co-founder and CEO of Fermyon.

Fermyon Spin 2.0 is now available to clone or download at GitHub. Spin is one of the fastest open source projects to reach 4,100+ stars and has been downloaded or cloned more than 100,000 times. With one command ("spin deploy") any Spin application is immediately deployed to Fermyon Cloud.

Fermyon will be showcasing Fermyon Spin 2.0 at the KubeCon North America conference in Chicago November 6-9.

Additional Resources:

About Fermyon Technologies

Fermyon is leading the next wave of cloud computing with the first cloud-native WebAssembly FaaS that lets developers build better serverless apps faster. Fermyon is focused on empowering cloud developers to quickly realize the things they are thinking about creating and focus on the code that brings value instead of the obligatory foundation code. Fermyon was founded by the Deis Labs team at Microsoft Azure and is backed by Insight Partners and Amplify Partners. For more information, go to https://www.fermyon.com or follow @fermyontech.


[ Back To TMCnet.com's Homepage ]