back to article Google's got a plan to secure software supply chains

Google has a plan — and a new product plus a partnership with developer-focused security shop Snyk — that attempts to make it easier for enterprises to secure their open source software dependencies. The new service, announced today at the Google Cloud Security Summit, is called Assured Open Source Software. We're told it will …

  1. Anonymous Coward
    Anonymous Coward

    So another project to shut down in a couple of yrs

  2. iron Silver badge

    That is all very nice but has one fatal flaw, you have to trust Google.

    What is to stop a "rogue engineer" from tracking who is using these repos? Or even adding tracking code to the packages themselves?

    Then you must consider the lifecycle of the average Google product.

  3. OhForF' Silver badge

    While Google has a lot of skilled software engineers and i applaud every effort in helping to manage dependencies especially for FOSS libraries i do not think giving Google more influence in the IT world is beneficial.

    I consider my data and data about me to be mine to control and not something for Meta/Google (or Amazone or other big palyers) to collect and monetize.

    Even with actively going out of my way to avoid giving them more data they know more about me than i'd like so i consider Google's data collecting to be an evil thing.

    "Do no evil" doesn't work if their business model is something i consider evil - Google will obviously have a different definition of "evil".

    A new "industry standard" and best practice that says i can only use stuff blessed by Google?

    Thank you , but no, doesn't work for me.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like