
Google's New Security Project 'OSS Rebuild' Tackles Package Supply Chain Verification


This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts. It includes automation to derive declarative build definitions, new "build observability and verification tools" for security tea...

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts. It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances.

From the announcement: "Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository."

Among the stated goals:

— Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...
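The core check behind "reproducing upstream artifacts" is to rebuild a package from source and compare the result with what the registry actually serves. The following is an added example written for this page, not code from OSS Rebuild or Google; it assumes the artifact is a tar.gz source archive (constructed in memory here as sample input) and compares per-file content digests while ignoring metadata such as mtime and ownership that legitimately differs between build machines. The function and file names (compare_rebuild, make_archive, pkg/core.py) are hypothetical.

```python
"""Compare a rebuilt package archive against the upstream-published one."""
import hashlib
import io
import tarfile


def _file_digests(archive_bytes: bytes) -> dict[str, str]:
    """Map each regular file in a tar.gz to the SHA-256 of its contents.

    Metadata (mtime, uid/gid, owner names) is deliberately ignored: it often
    differs between build environments without any change to the shipped code,
    which is why a byte-for-byte comparison alone produces noisy results.
    """
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            data = tf.extractfile(member).read()
            digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_rebuild(upstream: bytes, rebuilt: bytes) -> dict:
    """Report whether the rebuild matches upstream, and exactly where it does not."""
    up, rb = _file_digests(upstream), _file_digests(rebuilt)
    return {
        # Strict reproducibility: identical bytes on the wire.
        "bitwise_identical": hashlib.sha256(upstream).digest()
        == hashlib.sha256(rebuilt).digest(),
        # Content reproducibility: same files with the same contents.
        "content_identical": up == rb,
        "only_upstream": sorted(set(up) - set(rb)),
        "only_rebuilt": sorted(set(rb) - set(up)),
        "changed": sorted(p for p in up.keys() & rb.keys() if up[p] != rb[p]),
    }


def make_archive(files: dict[str, bytes], mtime: int) -> bytes:
    """Build a tar.gz in memory. Constructed sample input, not a real package."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample package: two source files.
GOOD_FILES = {
    "pkg/__init__.py": b"VERSION = '1.0'\n",
    "pkg/core.py": b"def run():\n    return 42\n",
}


def demo() -> tuple[dict, dict]:
    """Two rebuilds of the same upstream: one honest, one with a changed file."""
    upstream = make_archive(GOOD_FILES, mtime=1000)

    # Honest rebuild on a different machine: only timestamps differ.
    honest = compare_rebuild(upstream, make_archive(GOOD_FILES, mtime=2000))

    # Rebuild whose source does not match what the registry serves.
    altered_files = dict(GOOD_FILES)
    altered_files["pkg/core.py"] = b"def run():\n    return 43\n"
    altered_files["pkg/extra.py"] = b"# file absent from upstream\n"
    altered = compare_rebuild(upstream, make_archive(altered_files, mtime=2000))
    return honest, altered


if __name__ == "__main__":
    for label, result in zip(("honest rebuild", "altered rebuild"), demo()):
        print(label, result)
```

The honest rebuild fails the bitwise check but passes the content check, which is the distinction a verifier needs in order to avoid flagging every timestamp difference; the altered rebuild is pinned down to the specific files that differ, which is what a security team would attach to an SBOM or provenance record.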

Or read this on Slashdot
