Google Cloud to Offer Security-Vetted Open Source Software

Google will offer Assured Open Source Software, the open source software it has vetted and uses internally, to enable enterprises to gain the benefits of OSS that has been verified as secure.

Jessica Davis, Senior Editor

May 23, 2022

1 Min Read
Google offices - 3D render
Alamy

Looking to help cut the risk of software supply chain vulnerabilities in open source software, Google says it will release its own packages and libraries of vetted open source for other organizations to use.

The company made the announcement in its Google Cloud blog, saying that its new Assured Open Source Software service (Assured OSS) will enable enterprise and public sector users to incorporate the same open source software packages that Google uses in their own developer workflows.

The new cloud service from Google, due in a preview version in Q3 2022, comes amid a huge increase in cyber attacks that are targeting open source, with recent examples including the attacks to exploit the Log4j2 vulnerability against that open source Java-based logging framework that is common on Apache web servers. But that’s not the only one. Software supply chain management vendor Sonatype said in its State Of the Software Supply Chain Report that cyber attacks aimed at open source suppliers increased by 650% year-over-year in 2021.

What’s more, enterprise organizations today are increasingly using open source software, a trend that accelerated during the pandemic, according Red Hat’s State of Enterprise Open Source Report 2022, and a blog post by Red Hat president and CEO Paul Cormier. Indeed, the survey found that 80% of IT leaders expect to increase their use of enterprise open source software for emerging technologies.

Google’s certainly not alone in its effort to address open source vulnerabilities. The Linux Foundation and the Open Software Security Foundation with support from 37 companies including Amazon, Google and Microsoft, recently released a plan for securing open source software.

Read the rest of this article on InformationWeek.

Read more about:

Google Alphabet

About the Author

Jessica Davis

Senior Editor, InformationWeek

Jessica Davis has spent a career covering the intersection of business and technology at titles including IDG's Infoworld, Ziff Davis Enterprise's eWeek and Channel Insider, and Penton Technology's MSPmentor. She's passionate about the practical use of business intelligence, predictive analytics and big data for smarter business and a better world. In her spare time she enjoys playing Minecraft and other video games with her sons. She's also a student and performer of improvisational comedy. 

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like