Google Cloud launches services to bolster open-source security, simplify zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.

At its annual Google Cloud Security Summit, the company said it’s building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.

One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies.

“Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up,” wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. “This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers.”

Through Assured OSS, enterprise users of open-source software will be able to incorporate the same OSS packages that Google uses into their own environments, according to Google.

The packages Google has curated are regularly scanned, analyzed and tested for vulnerabilities, and they’re distributed from an Artifact Registry that’s secured and protected by Google, Potti stated. There are over 500 packages available through GitHub now. 

“The scale of Google’s ongoing effort to find OSS vulnerabilities would be challenging for any organization to construct and operate,” Potti stated. “We continuously fuzz 550 of the most commonly-used open source projects and as of January 2022, that
