Google: These 'curated' open-source packages will improve software supply chain security

Google aims to boost software supply chain security with an initiative that promises to offer enterprise open-source software users access to the same secure packages used by its own developers to build and maintain code.

Google said there has been a 650% year-on-year increase in cyberattacks aimed at open-source software suppliers with the intention of exploiting weaknesses in the ecosystem to go after other targets.

“That’s what we’ve been having a real hard look at, is fundamentally how to get ahead of any digital supply chain problems so we’re not in the same position we’re in today on the physical supply chain,” said Sunil Potti, VP of Google Cloud Security.

“And the equivalent of that in the digital supply chain is open-source software. In our opinion, while we’ll have to take an end-to-end view of securing the supply chain, pretty much every company on the planet is exposed to open source software,” he added.

The packages offered to Google Cloud customers as the Assured Open Source Software service are verifiably signed by Google and are regularly scanned and analysed for vulnerabilities in order to ensure users

Read More: https://www.zdnet.com/article/google-these-curated-open-source-packages-will-improve-software-supply-chain-security/#ftag=RSSbaffb68