on Tuesday, Google launched a new service called "Assured Open Source Software", which aims to ensure the security of the open source software supply chain by curating and distributing security-vetted open source software packages to Google Cloud customers. .
In this article, Andy Chang, security and privacy product manager for Google Cloud, identifies some of the challenges of securing open source software and highlights Google's commitment to open source.
Chang said: "The developer community, businesses and governments are increasingly aware of software supply chain risks. Google remains one of the largest maintainers, contributors and users of open source and is deeply involved in helping to make it The software ecosystem is more secure."
According to Google's announcement, the Assured Open Source Software service will extend the benefits of Google's own extensive software auditing experience to cloud customers. The company said that all open source software packages available through the service are also used internally by Google and are regularly scanned and analyzed for vulnerabilities.
A list of 550 major open source libraries currently under ongoing review by Google can be found at GitHub. While these libraries are all available for download independently from Google, the Assured Open Source Software program will see audited versions distributed through the Google Cloud -- to mitigate the incidents of developers intentionally or unintentionally breaking widely used open source libraries. Currently, the service is in early access mode and is expected to be available to more customers for testing in the third quarter of 2022.
![Lu Zhe S0120521070001 Chief Macroeconomist. [Debon Macro Lu Zhe] Inflation Chapter of Economic Research Methodology Series. [Debon Macro Lu Zhe] Tariffs on China: China and the United States have different stories, and the impact of cancellation is limited. - DayDayNews](https://cdn.daydaynews.cc/wp-content/themes/begin/img/loading.gif)
