Google to launch repository service with security-tested versions of open-source software packages

May 17, 2022

Read Time:38 Second

Developers across the enterprise space are concerned about the security of the open-source software supply chain which they heavily depend on for their application development. In response, Google plans to make its own security-hardened internal open-source component repository available as a new paid service called Assured Open Source Software (Assured OSS).

The service will contain common open-source packages that have been built from source code after the code’s provenance and that of its dependencies has been vetted and the code has been reviewed and tested for vulnerabilities. The resulting packages will contain rich metadata that’s compliant with the new Supply chain Levels for Software Artifacts (SLSA) framework and will be digitally signed by Google.

To read this article in full, please click here

Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox

Hacking the “Bike Angels” System for Moving Bikeshares

Vulnerabilities Found in Popular Houzez Theme and Plugin

Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure

Quantum Computing and Cybersecurity – Preparing for a New Age of Threats

LinkedIn Pauses GenAI Training Following ICO Concerns

German Police Shutter 47 Criminal Crypto Exchanges

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas