
Google will help open-source tech fight cyberattacks

At a time when cyberattacks happen with increasing frequency, Google announced a new security tool with the aim of increasing the safety of open-source software.

Assured Open Source Software (OSS) will enable users to incorporate Google’s own security packages into their own workflows.


Open-source software continues to be a popular target for security attacks, and as Google notes in its announcement, there has been a massive 650% year-over-year increase in the number of cyberattacks aimed at open-source suppliers. Seeing as software supply chains often utilize open-source code to remain accessible and easy to customize, they are especially vulnerable to these kinds of attacks.


Google is far from the only entity to address the fact that open-source software, despite its plentiful benefits, can be easily abused. The company, alongside OpenSSF and the Linux Foundation, is following up on the security initiatives brought up during the recent White House Summit on Open Source Security. Microsoft has also recently announced a new cybersecurity-based initiative.


There have been numerous high-profile cybersecurity vulnerabilities in the recent past, such as Log4j and Spring4Shell. In an attempt to prevent such attacks from taking place, Google has now introduced Assured OSS.

As part of Assured OSS, Google hopes to enable users from both the enterprise sector and the public sector to work the Google OSS packages into their own developer workflows. On its own end, the company promises that the packages curated by the service will be regularly scanned, fuzz-tested, and analyzed to make sure that no vulnerabilities manage to slip past the defenses.

All the packages will be built with Google’s Cloud Build and will thus come with verifiable SLSA compliance. SLSA stands for Supply-chain Levels for Software Artifacts and is a well-known framework that aims to standardize the security of software supply chains. Every package will also be verifiably signed by Google and will come with corresponding metadata incorporating Google’s Container/Artifact Analysis data.

To further bring cybersecurity into focus, Google has also announced a new partnership with Snyk, an Israeli developer security platform. Assured OSS will be integrated into Snyk solutions from the get-go, allowing customers of both companies to benefit.

Google pointed out a staggering statistic: Within the 550 most common open-source projects that it regularly scans, it has managed to find more than 36,000 vulnerabilities as of January 2022. That alone shows how important it is to crack down on the vulnerability of these projects, seeing as open-source software is popular, needed, and definitely here to stay. Perhaps Google’s Assured OSS can make it more secure for everyone who benefits from it.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…