Google has doubled down on open source security with new initiatives aimed at strengthening the software supply chain.
Last week, Google announced the creation of its new Open Source Maintenance Crew — “a dedicated staff of Google engineers who will work closely with upstream maintainers on improving the security of critical open source projects.”
And now the company has launched the Assured Open Source Software service, which will give organizations access to the same curated OSS packages that Google uses in its own developer workflows. These packages will be “regularly scanned, analyzed, and fuzz-tested for vulnerabilities” and verified by Google. This paid service is expected to enter the preview stage in Q3 2022.
Read more at Google Cloud blog.