Security News > 2023 > April > Google Cloud offers Assured Open Source Software for free
Open source software and software supply chain security risks continue to be a primary concern for developers and organizations.
According to a 2022 study by electronic design and automation company Synopsys, 84% of open source software codebases contained at least one known vulnerability - a nearly 4% increase from last year - and 48% contained a high-risk vulnerability.
In response to the threats hidden in open source software, Google Cloud is making its Assured Open Source Software service for Java and Python ecosystems available to all at no cost.
"Software supply chain attacks targeting open source continue to increase. Secure ingest of open source packages is a widespread challenge for organizations and developers wherever they choose to build code," he said.
Figure A. Mike McGuire, senior software solutions manager at Synopsys, explained that Google has a direct interest in the open source community being as secure as possible.
Google said the Assured OSS program will make it possible for organizations to get OSS packages from a vetted source and know what the software comprises because it includes Google's software bill of materials, generally known as SBOMs. The company said the Assured OSS project includes 1,000 Java and Python packages and reduces the need for DevOps teams to establish and operate their own OSS security workflows.
News URL
https://www.techrepublic.com/article/google-cloud-offers-aoss-free/
Related news
- Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI (source)
- Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem (source)
- CloudGrappler: Open-source tool detects activity in cloud environments (source)
- Cloud Active Defense: Open-source cloud protection (source)
- Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity (source)