Google will help open-source tech fight cyberattacks

At a time when cyberattacks happen with increasing frequency, Google announced a new security tool with the aim of increasing the safety of open-source software.

Assured Open Source Software (OSS) will enable users to incorporate Google’s own security packages into their own workflows.


Open-source software continues to be a popular target for security attacks, and as Google notes in its announcement, there has been a massive 650% year-over-year increase in the number of cyberattacks aimed at open-source suppliers. Seeing as software supply chains often utilize open-source code to remain accessible and easy to customize, they are especially vulnerable to these kinds of attacks.

Google is far from the only entity to address the fact that open-source software, despite its plentiful benefits, can be easily abused. The company, alongside OpenSSF and the Linux Foundation, is following up on the security initiatives brought up during the recent White House Summit on Open Source Security. Microsoft has also recently announced a new cybersecurity-based initiative.

There have been numerous high-profile cybersecurity vulnerabilities in the recent past, such as Log4j and Spring4Shell. In an attempt to prevent attacks that exploit flaws like these, Google has now introduced Assured OSS.

As part of Assured OSS, Google hopes to enable users from both the enterprise sector and the public sector to work the Google OSS packages into their own developer workflows. On its own end, the company promises that the packages curated by the service will be regularly scanned, fuzz-tested, and analyzed to make sure that no vulnerabilities manage to slip past the defenses.

All the packages will be built with Google’s Cloud Build and will thus come with verifiable SLSA compliance. SLSA stands for Supply-chain Levels for Software Artifacts and is a well-known framework that aims to standardize the security of software supply chains. Every package will also be verifiably signed by Google and will come with corresponding metadata incorporating Google’s Container/Artifact analysis data.

To further bring cybersecurity into focus, Google has also announced a new partnership with Snyk, an Israeli developer security platform. Assured OSS will be integrated into Snyk solutions from the get-go, allowing customers of both companies to benefit.

Google pointed out a staggering statistic: Within the 550 most common open-source projects that it regularly scans, it has managed to find more than 36,000 vulnerabilities as of January 2022. That alone shows how important it is to crack down on the vulnerability of these projects, seeing as open-source software is popular, needed, and definitely here to stay. Perhaps Google’s Assured OSS can make it more secure for everyone who benefits from it.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…