This is essentially a repository for over 1,000 of the most popular Java and Python packages whose provenance has been verified and that were security tested by Google’s own teams.

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.

The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies.

Google Cloud wants to help improve the security of the most widely used open-source software, and to do so it’s making its Assured Open Source Software service generally available for Java and ...