
Google Unveils Open Source Project to Improve Software Supply Chain Security

October 21, 2022

Google called for contributors on Thursday to a new open source project named Graph for Understanding Artifact Composition (GUAC) as part of its efforts to improve software supply chain security.

According to the tech giant, GUAC is still in the early stages, but it is set to improve how the industry perceives software supply chains.

“GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata,” Google wrote in a blog post.


“True to Google’s mission to organize and make the world’s information universally accessible and useful, GUAC is meant to democratize the availability of this security information by making it freely accessible and useful for every organization, not just those with enterprise-scale security and IT funding.”

According to Google, collaboration in groups such as the Open Source Security Foundation (OpenSSF), Supply chain Levels for Software Artifacts (SLSA), Software Package Data Exchange (SPDX) and CycloneDX gives organizations ready access to a number of technologies, including Software Bills of Materials (SBOMs), signed attestations about how software was built, and cross-database vulnerability databases.

“These data are useful on their own, but it’s difficult to combine and synthesize the information for a more comprehensive view,” reads the blog post.

“The documents are scattered across different databases and producers, are attached to different ecosystem entities, and cannot be easily aggregated to answer higher-level questions about an organization’s software assets.”

GUAC has been created to address these challenges by bringing together many different sources of software security metadata, thanks also to partnerships between the tech giant, Kusari, Purdue University and Citi.

From a technical standpoint, GUAC has four main areas of functionality: collection of metadata from a variety of sources of software security databases, ingestion of said data, collation into a coherent graph, and querying for a given artifact to view its SBOM, provenance, build chain, project scorecard, vulnerabilities, and so on.
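
The four steps described above (collect, ingest, collate into a graph, query per artifact) can be sketched as follows. This is an added illustration, not GUAC's code or API; the simplified document shapes, the `MetadataGraph` class and every identifier in it are constructed for the example.

```python
from collections import defaultdict
# Constructed sample documents in simplified shapes (not real SPDX/SLSA/Scorecard schemas).
DOCS = [
    {"type": "sbom", "artifact": "pkg:oci/shop-api@1.4.0", "depends_on": ["pkg:pypi/webfw@2.1.0"]},
    {"type": "sbom", "artifact": "pkg:pypi/webfw@2.1.0", "depends_on": ["pkg:pypi/yamlish@0.9.2"]},
    {"type": "provenance", "subject": "pkg:oci/shop-api@1.4.0",
     "builder": "builder:ci.example/release", "source": "repo:git.example/shop/api"},
    {"type": "scorecard", "repo": "repo:git.example/shop/api", "score": 6.4},
    {"type": "vuln", "id": "EXAMPLE-VULN-0001", "affects": "pkg:pypi/yamlish@0.9.2"},
]

class MetadataGraph:
    def __init__(self):
        self.edges = defaultdict(set)  # node -> {(relation, target)}
        self.scores = {}               # source repo -> scorecard score

    def ingest(self, doc):
        """Ingestion + collation: turn one document into typed edges keyed on identity."""
        kind = doc.get("type")
        if kind == "sbom":
            self.edges[doc["artifact"]].update(("depends_on", d) for d in doc["depends_on"])
        elif kind == "provenance":
            self.edges[doc["subject"]].add(("built_by", doc["builder"]))
            self.edges[doc["subject"]].add(("built_from", doc["source"]))
        elif kind == "scorecard":
            self.scores[doc["repo"]] = doc["score"]
        elif kind == "vuln":
            self.edges[doc["affects"]].add(("affected_by", doc["id"]))
        else:
            raise ValueError(f"unknown document type: {kind!r}")

    def query(self, artifact):
        """Query: walk the dependency closure of one artifact and gather what is attached."""
        report = {"depends_on": set(), "built_by": set(), "built_from": set(), "affected_by": {}}
        seen, stack = set(), [artifact]
        while stack:
            node = stack.pop()
            if node in seen:
                continue  # a dependency cycle must not loop forever
            seen.add(node)
            for relation, target in self.edges.get(node, ()):
                if relation == "affected_by":
                    report[relation].setdefault(target, set()).add(node)  # vuln -> packages
                else:
                    report[relation].add(target)
                if relation == "depends_on":
                    stack.append(target)  # follow transitive dependencies
        report["scorecards"] = {repo: self.scores.get(repo) for repo in report["built_from"]}
        return report
```

Ingesting `DOCS` and querying `pkg:oci/shop-api@1.4.0` surfaces a vulnerability in a transitive dependency that none of the five documents shows on its own.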

“GUAC aggregates and synthesizes software security metadata at scale and makes it meaningful and actionable,” Google wrote.

“We’re excited to share the project’s proof of concept, which lets you query a small dataset of software metadata, including SLSA provenance, SBOMs, and OpenSSF Scorecards.”

The development of GUAC comes months after Google introduced a new program designed to reward researchers who find bugs in its open source projects.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
