New Delhi: Google has launched a new initiative to secure the open-source software (OSS) supply chain as cybercriminals look for vulnerabilities like Log4j and Spring4shell to disrupt key operations. Google has announced the ‘Assured Open Source Software Service’, which will enable enterprise and public sector users of open source software to easily incorporate the same OSS packages that Google uses into their own developer workflows.
Google said packages curated by the Assured OSS service are regularly scanned and analyzed for vulnerabilities, and are built with cloud builds that include proof of verifiable SLSA compliance.
“There is a growing awareness among the developer community, enterprises and governments of software supply chain risks,” the company said in a statement late Tuesday.
Efforts to address vulnerabilities such as Log4j and Spring4shell, together with a massive 650 percent year-over-year increase in cyber attacks aimed at open source suppliers, have focused attention on the important task of strengthening the security of open source software.
“Google remains one of the largest maintainers, contributors and users of open source and is deeply involved in helping to make the open source software ecosystem more secure,” it said.
Assured OSS lets organizations benefit from Google’s extensive security experience and can reduce their need to develop, maintain and operate complex processes to secure their open source dependencies.
The company explained, “Assured OSS allows Enterprise customers to directly benefit from the in-depth, end-to-end security capabilities and practices implemented across our own OSS portfolio by providing access to the same OSS packages that Google relies on.”