New Delhi : Google has launched a new initiative to secure open-source software (OSS) supply chain as cyber-criminals look for vulnerabilities like Log4j and Spring4shell to disrupt key operations.
Google has announced Assured Open Source Software service’ that will enable enterprise and public sector users of open source software to easily incorporate the same OSS packages that Google uses into their own developer workflows.
Google said that the packages curated by the Assured OSS service are regularly scanned and analysed for vulnerabilities and are built with Cloud Build including evidence of verifiable SLSA-compliance “There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks,” the company said in a statement late on Tuesday.
Also Read Apple releases new updates for iPhones, iPads Remediation efforts for vulnerabilities like Log4j and Spring4shell, and a massive 650 per cent (year-over-year) increase in cyberattacks aimed at open source suppliers, have sharpened focus on the critical task of bolstering the security of open source software.
“Google continues to be one of the largest maintainers, contributors, and users of open source and is deeply involved in helping make the open source software ecosystem more secure,” it said.
Related stories
Subscribe
- Never miss a story with notifications
- Gain full access to our premium content
- Browse free from up to 5 devices at once
Latest stories