Open-source software is used throughout the technology industry to help developers build software tools, apps, and services. While developers building with open-source software can (and often do) benefit greatly from the work of others, they should also conduct appropriate due diligence to protect against software supply chain attacks. With …

Threats to the software supply chain and open source software (OSS) security continue to be major areas of concern for organizations creating apps and their developers. According to Mandiant’s M-Trends 2022 report, 17% of all security breaches start with a supply chain attack, the initial infection vector second …

There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks. Remediation efforts for vulnerabilities like Log4j and Spring4shell, and a 650% year-over-year increase in cyberattacks aimed at open source suppliers, have sharpened focus on the critical task of bolstering the security …

At Google, we’re committed to delivering the industry’s most trusted cloud. To earn customer trust, we strive to operate in a shared-fate model for risk management in conjunction with our customers. We believe that it's our responsibility to be active partners as our customers securely deploy on …