[Manual topic selection][news]: 20220518 Google To Start Distributing A Collection Of Open Source Software libraries.md

lkxed 2022-05-18 23:32:09 +08:00
parent 57db3901a3
commit 1b842da3e1


@ -0,0 +1,41 @@
[#]: subject: "Google To Start Distributing A Collection Of Open Source Software libraries"
[#]: via: "https://www.opensourceforu.com/2022/05/google-to-start-distributing-a-collection-of-open-source-software-libraries/"
[#]: author: "Laveesh Kocher https://www.opensourceforu.com/author/laveesh-kocher/"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Google To Start Distributing A Collection Of Open Source Software libraries
======
![][1]
On Tuesday, Google unveiled a new program aimed at safeguarding the open-source software supply chain by curating and delivering a security-vetted selection of open source packages to Google Cloud users. The business announced the new service, dubbed Assured Open Source Software, in a blog [post][2]. Andy Chang, Google Clouds group product manager for security and privacy, highlighted some of the problems of safeguarding open source software and emphasised Googles commitment to open source in his blog post.
“There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks,” Chang wrote, citing last years major log4j vulnerability as an example. “Google continues to be one of the largest maintainers, contributors, and users of open source and is deeply involved in helping make the open source software ecosystem more secure.”
According to Google, the Assured Open Source Software service will give Cloud clients access to Googles substantial software auditing knowledge. According to Google, all open source packages made available through the service are also used internally by the corporation and are inspected and analysed for vulnerabilities on a regular basis.
A list of the 550 important open source libraries that Google is currently reviewing is available on [GitHub][3]. While these libraries may all be downloaded independently of Google, the Assured OSS program will see audited versions provided through Google Cloud, preventing developers from corrupting widely used open source libraries. This service is now in early access phase and will be ready for wider consumer testing in Q3 2022.
The Google statement is part of a broader industry effort to strengthen the security of the open source software supply chain, which has the support of the Biden administration. In January, representatives from the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency met with executives from some of the countrys major IT companies to examine open-source software security in the wake of the log4j bug. Since then, the corporations involved have pledged more than $30 million in financing to improve open source software security during a recent summit.
In addition to cash, Google is devoting engineering time to ensuring the supply chains security. The corporation has announced the development of a “Open Source Maintenance Crew” that will collaborate with library maintainers to improve security.
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2022/05/google-to-start-distributing-a-collection-of-open-source-software-libraries/
作者:[Laveesh Kocher][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/laveesh-kocher/
[b]: https://github.com/lkxed
[1]: https://www.opensourceforu.com/wp-content/uploads/2022/05/google3-1-e1652863988525.jpg
[2]: https://cloud.google.com/blog/products/identity-security/introducing-assured-open-source-software-service
[3]: https://github.com/google/oss-fuzz/tree/master/projects
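Review bot: the article body has lost its possessive apostrophes ("Google Clouds group product manager", "Googles commitment", "last years major log4j vulnerability", "the countrys major IT companies", "the supply chains security"), and the last paragraph has "a “Open Source Maintenance Crew”" where "an" is needed. Please restore these from the page given in `via:` before the file goes to a translator. Two further points in the same hunk: the clause "preventing developers from corrupting widely used open source libraries" is ambiguous about who is being prevented from doing what, so check it against the source wording; and reference `[3]`, introduced as the list of 550 libraries Google is reviewing, resolves to the `projects` tree of `google/oss-fuzz`, so confirm that this is the link the original article uses.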