19 May 2022

Google Cloud to offer vetted open-source software to organisations


Google Cloud is launching a new service that will provide enterprises and governments with vetted open-source software in a bid to minimise cybersecurity risks. Recent cybersecurity threats such as the Log4Shell flaw that emerged last December have sparked interest in public-private partnerships and other initiatives to secure the open-source software supply chain. Google’s latest announcement follows a White House summit in January where it met with other major US tech companies active in the open-source space to discuss ways to boost security in light of recent vulnerabilities. Andrew Chang, group product manager of security and privacy at Google Cloud, said in a blog post published yesterday that packages curated by the new Assured OSS service are regularly scanned, analysed and fuzz-tested (an automated software testing technique) for vulnerabilities. “Assured OSS lets organisations benefit from Google’s extensive security experience and can reduce their need to develop, maintain and operate complex processes to secure their open-source dependencies.” All packages curated by Assured OSS are built with Cloud Build, Google’s cloud platform for enterprises, and include evidence of compliance with SLSA, an end-to-end framework for ensuring integrity throughout the software supply chain.

Source: Siliconrepublic