Google introduces Assured Open Source Software Service: Distributing Security Reviewed Open Source Software Packages

In an official blog post published on Tuesday, Google launched a new service called “Assured Open Source Software,” which aims to secure the open-source software supply chain by curating and distributing security-vetted open-source software packages to Google Cloud customers.

In the post, Andy Chang, product manager for security and privacy at Google Cloud, identifies some of the challenges of keeping open source software secure and highlights Google’s commitment to open source.


Chang said: “The developer community, businesses and governments are increasingly aware of software supply chain risks. Google remains one of the largest maintainers, contributors and users of open source, and is deeply involved in helping make the open source software ecosystem more secure.”

According to Google’s announcement, the Assured Open Source Software service will extend the benefits of Google’s own extensive software auditing experience to cloud customers. All open-source software packages made available through the service are also used internally by Google and are regularly scanned and analyzed for vulnerabilities, the company said.

A list of 550 major open-source libraries that Google is continuously reviewing can be found on GitHub. While these libraries are all available for download independently of Google, the Assured Open Source Software service plans to distribute vetted versions through Google Cloud, to mitigate incidents where developers intentionally or unintentionally break widely used open-source libraries. The service is currently in early access mode and is expected to be available for more customer testing in the third quarter of 2022.
