Google will help open-source tech fight cyberattacks

At a time when cyberattacks happen with increasing frequency, Google announced a new security tool with the aim of increasing the safety of open-source software.

Assured Open Source Software (OSS) will enable users to incorporate Google’s own security packages into their own workflows.

Open-source software continues to be a popular target for security attacks, and as Google notes in its announcement, there has been a massive 650% year-over-year increase in the number of cyberattacks aimed at open-source suppliers. Seeing as software supply chains often utilize open-source code to remain accessible and easy to customize, they are especially vulnerable to these kinds of attacks.

Google is far from the only entity to address the fact that open-source software, despite its plentiful benefits, can be easily abused. The company, alongside OpenSSF and the Linux Foundation, is following up on the security initiatives brought up during the recent White House Summit on Open Source Security. Microsoft has also recently announced a new cybersecurity-based initiative.

There have been numerous high-profile cybersecurity vulnerabilities in the recent past, such as Log4j and Spring4Shell. In an attempt to prevent such attacks from taking place, Google has now introduced Assured OSS.

As part of Assured OSS, Google hopes to enable users from both the enterprise sector and the public sector to work the Google OSS packages into their own developer workflows. On its own end, the company promises that the packages curated by the service will be regularly scanned, fuzz-tested, and analyzed to make sure that no vulnerabilities manage to slip past the defenses.

All the packages will be built with Google’s Cloud Build and will thus come with verifiable SLSA-compliance. SLSA stands for Supply-chain Levels for Software Artifacts and is a well-known framework that aims to standardize the security of software supply chains. Every package will also be verifiably signed by Google and will come with corresponding metadata incorporating Google’s Container/Artifact analysis data.

To further bring cybersecurity into focus, Google has also announced a new partnership with Snyk, an Israeli developer security platform. Assured OSS will be integrated into Snyk solutions from the get-go, allowing customers of both companies to benefit.

Google pointed out a staggering statistic: Within the 550 most common open-source projects that it regularly scans, it has managed to find more than 36,000 vulnerabilities as of January 2022. That alone shows how important it is to crack down on the vulnerability of these projects, seeing as open-source software is popular, needed, and definitely here to stay. Perhaps Google’s Assured OSS can make it more secure for everyone who benefits from it.

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…