Google Launched New Cloud Initiative To Secure Open-Source Software Supply Chain


Google has launched a new initiative to secure the open-source software (OSS) supply chain, as cyber-criminals look for vulnerabilities such as Spring4Shell and Log4j in order to disrupt main operations.

The Open Source Software service will enable enterprise and public sector users of open source software to easily incorporate the same OSS packages that Google uses in its own developer workflows. Google said that the packages are curated by the Assured OSS service, are regularly scanned and analysed for vulnerabilities, and are built with Cloud Build, including evidence of verifiable SLSA compliance.

The company said that there has been increasing awareness of software supply chain risks in the developer community, along with enterprises and governments. It also said that remediation efforts for vulnerabilities such as Log4j and Spring4Shell, along with a 650 percent per year increase in cyberattacks aimed at open source suppliers, have sharpened the focus on the critical task of bolstering the security of open source software.

The company also said that Google continues to be one of the biggest maintainers, contributors and users of open source, and is deeply involved in helping to make the open source software ecosystem more secure.