Google will help open-source tech fight cyberattacks

At a time when cyberattacks happen with increasing frequency, Google announced a new security tool with the aim of increasing the safety of open-source software.

Assured Open Source Software (OSS) will enable users to incorporate Google’s own security packages into their own workflows.

Open-source software continues to be a popular target for security attacks, and as Google notes in its announcement, there has been a massive 650% year-over-year increase in the number of cyberattacks aimed at open-source suppliers. Seeing as software supply chains often utilize open-source code to remain accessible and easy to customize, they are especially vulnerable to these kinds of attacks.

Google is far from the only entity to address the fact that open-source software, despite its plentiful benefits, can be easily abused. The company, alongside OpenSSF and the Linux Foundation, is following up on the security initiatives brought up during the recent White House Summit on Open Source Security. Microsoft has also recently announced a new cybersecurity-based initiative.

There have been numerous high-profile cybersecurity vulnerabilities in the recent past, such as Log4j and Spring4Shell. In an attempt to prevent attacks that exploit such flaws, Google has now introduced Assured OSS.

As part of Assured OSS, Google hopes to enable users from both the enterprise sector and the public sector to work the Google OSS packages into their own developer workflows. On its own end, the company promises that the packages curated by the service will be regularly scanned, fuzz-tested, and analyzed to make sure that no vulnerabilities manage to slip past the defenses.

All the packages will be built with Google’s Cloud Build and will thus come with verifiable SLSA compliance. SLSA stands for Supply-chain Levels for Software Artifacts and is a well-known framework that aims to standardize the security of software supply chains. Every package will also be verifiably signed by Google and will come with corresponding metadata incorporating Google’s Container/Artifact analysis data.

To further bring cybersecurity into focus, Google has also announced a new partnership with Snyk, an Israeli developer security platform. Assured OSS will be integrated into Snyk solutions from the get-go, allowing customers of both companies to benefit.

Google pointed out a staggering statistic: Within the 550 most common open-source projects that it regularly scans, it has managed to find more than 36,000 vulnerabilities as of January 2022. That alone shows how important it is to crack down on the vulnerability of these projects, seeing as open-source software is popular, needed, and definitely here to stay. Perhaps Google’s Assured OSS can make it more secure for everyone who benefits from it.

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…