Google's Guide is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission.

Google Cloud wants to make open source code safer than it has ever been

Advertisements

Google is tightening down on vulnerabilities in open source software.

image credits: zdnet

Google Cloud has released a new open source software security tool aimed at enhancing software supply chain security.

The new Assured Open Source Software (OSS) programme aims to make it possible for industry and public sector users of open source software to employ the same security packages that Google does in its developer processes.

Advertisements

As hackers attempt to target sectors of all kinds, software supply chains, which rely on open source code to stay flexible and adjustable, have become appealing targets for cyberattacks.

What’s going on here?

The decision comes in the wake of a slew of high-profile open source security breaches, including bugs in Log4j and Spring4shell.

For a meeting to enhance the open source software security objectives mentioned during the recent White House Summit on Open Source Security, Google joined the OpenSSF and the Linux Foundation.

Advertisements

According to Google, the Assured OSS packages will be scanned, analysed, and fuzz-tested for vulnerabilities on a regular basis, and will contain richer metadata that includes Google’s Container/Artifact Analysis data.

All of the packages in the new tool will be produced with Google Cloud Build and will provide proof of SLSA compliance.

The packages will be distributed through a Google-controlled Artifact Registry, with Assured OSS slated to launch in Q3 2022.

Advertisements

Google stated that it analyses 550 of the most widely used open source projects on a regular basis and has discovered over 36,000 vulnerabilities as of January 2022.

Furthermore, Google announced a cooperation with SNYK, an Israeli developer security platform, in which Assured OSS would be fully integrated into SNYK products for joint clients to utilise wherever they are producing code.

In addition, as part of the Google Cloud security and software development life cycle, Snyk vulnerabilities, triggering actions, and remedial recommendations will be available to joint customers.

Advertisements

Open source software continues to pique the interest of developers all over the world despite security concerns.

Instacluster conducted a survey of application developers, and discovered that 45 percent of respondents believe open source software has the ability to reduce expenses, while 38 percent believe it can make it easier to port code.

Check out our guide to the finest endpoint security for your company.

Advertisements

Leave a Comment