New Google Cloud initiative to secure open-source software supply chain


New Delhi, May 18 (IANS): Google has launched a new initiative to secure open-source software (OSS) supply chain as cyber-criminals look for vulnerabilities like Log4j and Spring4shell to disrupt key operations.

Google has announced ‘Assured Open Source Software service' that will enable enterprise and public sector users of open source software to easily incorporate the same OSS packages that Google uses into their own developer workflows.

Google said that the packages curated by the Assured OSS service are regularly scanned and analysed for vulnerabilities and are built with Cloud Build including evidence of verifiable SLSA-compliance

"There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks," the company said in a statement late on Tuesday.

Remediation efforts for vulnerabilities like Log4j and Spring4shell, and a massive 650 per cent (year-over-year) increase in cyberattacks aimed at open source suppliers, have sharpened focus on the critical task of bolstering the security of open source software.

"Google continues to be one of the largest maintainers, contributors, and users of open source and is deeply involved in helping make the open source software ecosystem more secure," it said.

Assured OSS lets organisations benefit from Google's extensive security experience and can reduce their need to develop, maintain, and operate complex processes to secure their open source dependencies.

"Assured OSS allows enterprise customers to directly benefit from the in-depth, end-to-end security capabilities and practices we apply to our own OSS portfolio by providing access to the same OSS packages that Google depends on," explained the company.

 

  

Top Stories


Leave a Comment

Title: New Google Cloud initiative to secure open-source software supply chain



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.