Google Cloud is looking to make open source code safer than ever

Date:
Wed, 18 May 2022 17:06:34 +0000

Description:
Google Clouds new Assured Open Source Software service looks to offer greater security.

FULL STORY ======================================================================

Google Cloud has announced a new open source software security tool as it
aims to improve safety among software supply chains.

The new Assured Open Source Software (OSS) looks to enable enterprise and public sector users of open source software to incorporate the same security packages that Google uses into its own developer workflows.

Software supply chains, which often rely on open source code to stay flexible and customizable, have become popular targets for cyberattacks as hackers
look to target industries of all kinds. Whats behind the move?

The move comes after numerous high profile open source security incidents, including vulnerabilities related to Log4j and Spring4shell.

Google joined the OpenSSF and the Linux Foundation for a meeting to advance the open source software security initiatives discussed during the recent White House Summit on Open Source Security .

Google says that the packages curated by the Assured OSS service will be regularly scanned, analyzed, and fuzz-tested for vulnerabilitiesand will have corresponding enriched metadata that incorporates Googles Container/Artifact Analysis data.

All packages included in the new tool will be built withGoogles Cloud Build and will include evidence of verifiable SLSA-compliance.

The packages will be distributed from an Artifact Registry secured and protected by Google, with Assured OSS is expected to enter preview in Q3
2022.

Google highlighted that it continuously scans 550 of the most commonly-used open source projects, and says that it has found more than 36,000 vulnerabilities as of January 2022.

In addition, Google also announced a partnership with Israeli developer security platform SNYK that means Assured OSS will be natively integrated
into Snyk solutions for joint customers to use wherever they are developing code.

In addition, the partnership also means that Snyk vulnerabilities, triggering actions, and remediation recommendations will become available to joint customers within the Google Cloud security and software development life cycle. Read More

Google Cloud is launching a Web3 team

Vodafone and Google Cloud look to boost Europe's 5G

Google Cloud is making a major change to its VMs

Security issues havent stopped open source software attracting interest from developers everywhere.

A poll of application developers by Instacluster found that 45% of
respondents acknowledge the potential of open source software in terms of cutting down costs, while 38% acknowledge its potential in terms of being
able to port code more easily. Check out our guide to the best endpoint protection for your business



======================================================================
Link to news story: https://www.techradar.com/news/google-cloud-is-looking-to-make-open-source-cod e-safer-than-ever/


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)