In an official blog post released on Tuesday, Google launched a new service called "Assured Open Source Software", which aims to secure the open source software supply chain by curating and distributing security-reviewed open source software packages to Google Cloud customers.
In the post, Andy Chang, security and privacy product manager at Google Cloud, pointed out some of the challenges of securing open source software and stressed Google's commitment to open source.
"The developer community, businesses and governments are increasingly aware of software supply chain risks. Google remains one of the largest maintainers, contributors and users of open source code and is deeply involved in helping make the open source software ecosystem safer," Chang said.
According to Google's announcement, the Assured Open Source Software service will extend the benefits of Google's own extensive software audit experience to cloud customers. The company said that all open source software packages provided through the service are also used internally by Google, and are regularly scanned and analyzed for vulnerabilities.
At present, a list of 550 major open source libraries that Google is continuously reviewing can be found on GitHub. Although these libraries can be downloaded independently of Google, the Assured Open Source Software program will see audited versions distributed through Google Cloud, to mitigate intentional or unintentional damage by developers to widely used open source libraries. The service is currently in early access mode and is expected to be available to more customers for testing in the third quarter of 2022.