Google will start distributing a security-vetted collection of open-source software libraries

Illustration by Alex Castro / The Verge

Google announced a new initiative Tuesday aimed at securing the open-source software supply chain by curating and distributing a security-vetted collection of open-source packages to Google Cloud customers.

The new service, branded Assured Open Source Software, was introduced in a blog post from the company. In the post, Andy Chang, group product manager for security and privacy at Google Cloud, pointed to some of the challenges of securing open-source software and stressed Google’s commitment to open source.

“There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks,” Chang wrote, citing last year’s major log4j vulnerability as an example. “Google continues to be one…

Continue reading…

Original Article

You Might Also Like