Google Cloud is looking to make open source code safer than ever
Google is cracking down on open source vulnerabilities
Google Cloud has announced a new open source software security tool as it aims to improve safety among software supply chains.
The new Assured Open Source Software (OSS) service looks to enable enterprise and public sector users of open source software to incorporate the same security packages that Google uses into their own developer workflows.
Software supply chains, which often rely on open source code to stay flexible and customizable, have become popular targets for cyberattacks as hackers look to target industries of all kinds.
What’s behind the move?
The move comes after numerous high-profile open source security incidents, including vulnerabilities related to Log4j and Spring4Shell.
Google joined the OpenSSF and the Linux Foundation for a meeting to advance the open source software security initiatives discussed during the recent White House Summit on Open Source Security.
Google says that the packages curated by the Assured OSS service will be regularly scanned, analyzed, and fuzz-tested for vulnerabilities and will have corresponding enriched metadata that incorporates Google’s Container/Artifact Analysis data.
All packages included in the new tool will be built with Google’s Cloud Build and will include evidence of verifiable SLSA-compliance.
The packages will be distributed from an Artifact Registry secured and protected by Google, and Assured OSS is expected to enter preview in Q3 2022.
Google highlighted that it continuously scans 550 of the most commonly-used open source projects, and says that it has found more than 36,000 vulnerabilities as of January 2022.
Google also announced a partnership with Israeli developer security platform Snyk, under which Assured OSS will be natively integrated into Snyk solutions for joint customers to use wherever they are developing code.
The partnership also means that Snyk vulnerabilities, triggering actions, and remediation recommendations will become available to joint customers within the Google Cloud security and software development life cycle.
Security issues haven’t stopped open source software attracting interest from developers everywhere.
A poll of application developers by Instaclustr found that 45% of respondents acknowledge the potential of open source software in terms of cutting down costs, while 38% acknowledge its potential in terms of being able to port code more easily.
Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.