Google will distribute open source software libraries with monitored security
Google has announced a new initiative that targets open source software security by distributing a carefully selected collection of open source tools with special supervision on security-related issues. Tools that will be available to Google Cloud users.
The development of open source tools benefits from the support of important technology companies and the Administration
This new service is called Assured Open Source Software (AOSS) and has been presented through a blog published by Google. In it, Andy Chang, Product Manager for Security and Privacy at Google Cloud, points out some of the challenges of open source software and underscores Google’s commitment to open source software.
Chang recalls that Google continues to be one of the largest contributors to the use and maintenance of open source software, being deeply involved in improving security in this ecosystem.
With the announcement of AOSS, Google will extend the benefits of this open source software with monitored security to all customers of its Google Cloud platform, regularly scanning and analyzing all tool packs for possible vulnerabilities.
A list of 550 open source libraries that Google regularly reviews is now available on GitHub. Although all of these libraries can be downloaded independently, the AOSS program will provide audited versions through Google Cloud, minimizing potential incidents if developers intentionally or unintentionally cause corruptions in widely used open source libraries.
This service is in testing and will start to be available from the third quarter of 2022.
Beyond Google itself, open source software tools are benefiting from interest in promoting them from big tech companies like Twitter. But also since January of this year in the United States, they have been receiving a broad boost from the Administration with the initiative of government agencies such as the Department of Homeland Security and the Cybersecurity and Security Infrastructure Agency due to the implications of this type of software in cybersecurity.
.