Google open-source software initiative seeks to up supply chain security

Google has introduced the new Assured Open Source Software service, which offers access to Google developers' secure packages for enterprise open-source software users in an effort to strengthen software supply chain security, reports ZDNet. Open-source packages provided in Assured OSS have been created with Google's Cloud Build platform and are not only signed by Google but also continuously examined and scanned for underlying security flaws. "Assured OSS allows enterprise customers to directly benefit from the in-depth, end-to-end security capabilities and practices we apply to our own OSS portfolio by providing access to the same OSS packages that Google depends on," said Google. Google expects Assured OSS to curb open-source and supply chain vulnerability management challenges. "It's a way for every customer it could be a two-person shop to a 100,000 employee bank who leverages or builds code to rely on a curated set of open source packages that Google themselves have invested in to protect our own developers over many years, that we're now bringing to market in the form of this Assured Open Source package," said Google Cloud Security Vice President Sunil Potti.