
Source: Google Cloud
Google Cloud has released a new product to strengthen the open-source software supply chain and improve security for developers, enterprises, and governments. Called the Assured Open Source Software service, the product will give Google Cloud customers access to the same OSS packages that Google uses internally so they can incorporate them into their own workflows. Because the packages curated by Assured OSS are regularly scanned, analyzed, and fuzz-tested for vulnerabilities, the service aims to address the most common challenges users face when adopting open-source software.
New releases of existing projects and the creation of entirely new ones continue to fuel the exponential growth of the global supply of open-source libraries. As much as the SaaS industry loves using open-source software for speed and scalability, security vulnerabilities are a reality. One study found that in 2021, cyberattacks aimed at the open-source supply chain increased 650% year over year; the previous year's figure was 430%.
GitHub is the go-to place to download major open-source libraries; however, not all are regularly reviewed for security risks. This is where Assured OSS hopes to make a difference. The open-source versions that will be maintained in Assured OSS are security-vetted. For example, packages will include corresponding enriched metadata with Container/Artifact Analysis data. They will also be built with Cloud Build—Google Cloud’s serverless CI/CD platform—and contain evidence of verifiable SLSA-compliance. Plus, packages will be distributed from an Artifact Registry that’s secured and protected by Google. With the launch of Assured OSS, SaaS developers will not only benefit from Google’s extensive security auditing but also improve their processes and secure their open source dependencies.
Andy Chang, group product manager for security and privacy, wrote in a Google Cloud blog post that governments and regulators have taken notice of the security vulnerabilities in the software development lifecycle and supply chain. Launching Assured OSS is just one of the tech giant's initiatives to make open-source software more secure. Google remains one of the biggest maintainers, contributors, and users of open-source software.
Google Cloud, in particular, announced last month that it’s moving Istio—its open-source service mesh solution—to the Cloud Native Computing Foundation (CNCF). With Istio’s mature technology now under the auspices of the open-source community at CNCF, DevOps teams can benefit from improved transparency, security, and a global talent pool that’s constantly improving the platform.
“Assured OSS allows enterprise customers to directly benefit from the in-depth, end-to-end security capabilities and practices we apply to our own OSS portfolio by providing access to the same OSS packages that Google depends on. Users will also be able to submit packages from their own OSS portfolio to be secured and managed through the Google Cloud managed service,” explained Chang.
The release of Assured OSS coincides with Google Cloud’s 2022 Security Summit this week. Google experts and partners discussed the latest technology and the future of security. Topics included in the presentations were Zero Trust, Securing the Software Supply Chain, Ransomware and other emerging threats, and Cloud Governance and Digital Sovereignty. Assured OSS is expected to enter Preview in the third quarter of this year.