Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Computer Help and Support

Passages

(3,305 posts) Wed Jul 23, 2025, 09:00 AM 15 hrs ago

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Jul 23, 2025
Ravie Lakshmanan

Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks.

"As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers," Matthew Suozzo, Google Open Source Security Team (GOSST), said in a blog post this week.

The project aims to provide build provenance for packages across the Python Package Index (Python), npm (JS/TS), and Crates.io (Rust) package registries, with plans to extend it to other open-source software development platforms.

With OSS Rebuild, the idea is to leverage a combination of declarative build definitions, build instrumentation, and network monitoring capabilities to produce trustworthy security metadata, which can then be used to validate the package's origin and ensure it has not been tampered with.
https://thehackernews.com/2025/07/google-launches-oss-rebuild-to-expose.html?_m=3n%2e009a%2e3727%2eqb0ao44uux%2e2rdq