There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks. Remediation efforts for vulnerabilities like Log4j and Spring4shell, and a 650% year-over-year increase in cyberattacks aimed at open source suppliers, have sharpened focus on the critical task of bolstering the security of open source software. Governments and regulators have taken notice and action, including the White House’s Executive Order 14028 on Improving the Nation’s Cybersecurity, followed by other governments and agencies around the world asserting new requirements and standards specifically focused on the software development lifecycle and the software supply chain.

…To further our commitment to help organizations strengthen their OSS software supply chain, we are announcing today a new Google Cloud product: our Assured Open Source Software service. Assured OSS enables enterprise and public sector users of open source software to easily incorporate the same OSS packages that Google uses into their own developer workflows.  Read More