July 24, 2023

EP131 A Deep Dive into Google's Assured OSS: How Google Secures the Software You Use



Topics covered:

  • For the software you’re supporting in Assured Open Source, your team discovered 50% of the CVEs reported in them this year. How did that happen?
  • So what is Assured Open Source?
  • Do we really guarantee its security? What does “guarantee” here mean?
  • What’re users actually paying for here?
  • What’s the Google magic here and why are we doing this? 
  • Do we really audit all code and fuzz for security issues?
  • What’s a supply chain attack, and how is this plugging into those gaps?

