{"id":48996,"date":"2022-10-24T12:51:04","date_gmt":"2022-10-24T12:51:04","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33967\/Google-Says-Slap-Some-GUAC-On-Your-Software-Supply-Chain.html"},"modified":"2022-10-24T12:51:04","modified_gmt":"2022-10-24T12:51:04","slug":"google-says-slap-some-guac-on-your-software-supply-chain","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/google-says-slap-some-guac-on-your-software-supply-chain\/","title":{"rendered":"Google Says Slap Some GUAC On Your Software Supply Chain"},"content":{"rendered":"<p><span class=\"label\">In brief<\/span> Google has released a new open source software tool to help businesses better understand the risks to their software supply chains by aggregating security metadata into a queryable, standardized database.<\/p>\n<p>The Graph for Understanding Artifact Composition, or &#8220;GUAC&#8221; \u2013 pronounced like the avocado dip \u2013 &#8220;aggregates and synthesizes software security metadata at scale and makes it meaningful and actionable,&#8221; Google <a href=\"https:\/\/security.googleblog.com\/2022\/10\/announcing-guac-great-pairing-with-slsa.html\" rel=\"nofollow\">said<\/a> in a blog post.<\/p>\n<p>While modern upstream software supply chains have become rich with metadata and attestations, it&#8217;s &#8220;difficult or impossible&#8221; for most businesses to put that info into a unified view, Google claims.<\/p>\n<p>&#8220;To understand something complex like the blast radius of a vulnerability, one needs to trace the relationship between a component and everything else in the portfolio \u2013 a task that could span thousands of metadata documents across hundreds of sources,&#8221; Google said.<\/p>\n<p>Software supply chain attacks have been central to many major cybersecurity incidents in the past few years, like <a href=\"https:\/\/www.theregister.com\/2020\/12\/14\/solarwinds_fireeye_cozybear_us_government\/\">SolarWinds<\/a>, <a href=\"https:\/\/www.theregister.com\/2021\/07\/05\/kaseya_vsa_update\/\">Kaseya<\/a>, and <a href=\"https:\/\/www.theregister.com\/2022\/03\/16\/linux_botnet_log4j\/\">Log4j<\/a>, and involve attackers injecting malicious code into software prior to its delivery to customers.<\/p>\n<p>At RSA 2022, Microsoft&#8217;s Aanchal Gupta, head of the company&#8217;s Security Response Center, said supply chain attacks will continue to become more prevalent due to the tech world&#8217;s reliance on third-party and open source software, which he said is &#8220;not going to come down anytime soon.&#8221;<\/p>\n<p>As an aggregator of metadata, GUAC is designed to collect data from a variety of sources, including software bill-of-materials platforms, vulnerability databases, and signed attestations, like Google&#8217;s own aptly named <a href=\"https:\/\/www.theregister.com\/2021\/06\/18\/google_slsa_supply_chain_rust\/\">SLSA<\/a> (pronounced &#8220;salsa&#8221;).<\/p>\n<p>GUAC is able to collect data, ingest it from upstream sources, collate it into a single normalized source, and allows users to query it to get a software bill of materials, provenance, build chain, project security scorecard, a list of vulnerabilities and recent lifecycle events, Google claims.<\/p>\n<p>Google says GUAC could help answer proactive security questions, like which components in a software ecosystem are most often used or which dependencies may be risky, as well as operational questions like whether new software meets security policies and reactive questions like how an organization is affected by a new vulnerability.<\/p>\n<p>The GUAC project is open source and <a href=\"https:\/\/github.com\/guacsec\/guac\" rel=\"nofollow\">available on GitHub<\/a>. Google said it&#8217;s still in the early development days and is only available as a proof of concept that can ingest data from SLSA, software bills of materials, and Scorecard documents. You can try it out \u2013 or inject some of your own helpful code \u2013 now.<\/p>\n<h3 class=\"crosshead\">FBI says Iranian hackers threatening Israel could come for US again<\/h3>\n<p>The FBI has released a private industry notification warning companies to beware of an Iranian hacking group known as Emennet Pasargad, which previously <a href=\"https:\/\/www.theregister.com\/2020\/10\/22\/iran_russia_emails\/\">harassed US voters<\/a> and launched disinformation campaigns during the 2020 presidential election.<\/p>\n<p>Emennet is known for using hack-and-leak operations against victims, the FBI <a href=\"https:\/\/www.ic3.gov\/Media\/News\/2022\/221020.pdf\" rel=\"nofollow\">said<\/a>, as well as using false-flag personas to shift blame elsewhere. The group appears to be opportunistic, and generally seems to have the goal of undermining public trust in private organizations and government institutions.<\/p>\n<p>Most recently, the group was spotted targeting Israeli organizations using similar tactics, but the FBI said it was active within the US earlier this year, when it pulled off an attack against a US-based organization linked to an Iranian opposition group.<\/p>\n<p>While opportunistic, Emennet does show some preference for its victims. 
Those at risk include any group linked to Iranian opposition groups, companies with websites running PHP or an externally accessible MySQL database, as well as large companies with significant web traffic and a large customer base.<\/p>\n<p>US officials have warned of increased cyber attack potential in the run-up to the US midterms next month, but have also said they&#8217;re <a href=\"https:\/\/www.theregister.com\/2022\/10\/06\/us_midterm_election_cyberattack_unlikely\/\">not concerned<\/a> about foreign governments or their agents posing an actual threat to elections.<\/p>\n<h3 class=\"crosshead\">CISA wants to go SCuBA diving into your Microsoft 365 cloud<\/h3>\n<p>The Cybersecurity and Infrastructure Security Agency (CISA) has released an open source tool designed to audit Microsoft 365 deployments against the agency&#8217;s cloud security standards.<\/p>\n<p><a href=\"https:\/\/github.com\/cisagov\/ScubaGear\" rel=\"nofollow\">Available on GitHub<\/a> as a PowerShell script, the software looks at Teams, SharePoint, Power Platform, Power BI, OneDrive, Exchange, Defender and Azure AD, and checks them against the Secure Cloud Business Applications (<a href=\"https:\/\/www.cisa.gov\/blog\/2022\/10\/20\/scuba-dives-deeper-help-federal-agencies-secure-their-cloud-environments-publishes\" rel=\"nofollow\">SCuBA<\/a>) standards CISA announced in April.<\/p>\n<p>SCuBA guidelines were developed for civilian executive branch agencies to &#8220;provide easily adoptable recommendations that complement each agency&#8217;s unique requirements and risk tolerance levels,&#8221; CISA said, and admits that the tools may not perform flawlessly for private organizations.<\/p>\n<p>Still, &#8220;CISA recommends that all organizations utilizing cloud services review the baselines and implement practices therein where appropriate.&#8221; In testing, the agency ran the software on tenants with E3 or G3 and E5 or G5 Microsoft 365 licenses, and said it may still work in, but wasn&#8217;t tested for, deployments other than those.<\/p>\n<p>While &#8220;ScubaGear&#8221; only supports Microsoft 365 for now, CISA said it plans to publish configuration baselines for Google Workspace as well. &#8220;The publication of the GWS and M365 baselines will further CISA&#8217;s mission to secure the federal enterprise by addressing cybersecurity and visibility gaps within cloud-based business applications,&#8221; CISA said.<\/p>\n<h3 class=\"crosshead\">TSA shovels coal on railroad cybersecurity requirements<\/h3>\n<p>The Transportation Security Administration (TSA) has issued a directive to rail operators telling them it&#8217;s time to get serious about cybersecurity \u2013 and it&#8217;s not an option.<\/p>\n<p>Citing &#8220;the ongoing cybersecurity threat to surface transportation systems&#8221; and attacks that could lead to &#8220;degradation, destruction, or malfunction&#8221; of such systems, the <a href=\"https:\/\/www.tsa.gov\/sites\/default\/files\/sd-1580-21-01a.pdf\" rel=\"nofollow\">TSA is requiring<\/a> [PDF] all designated freight railroad carriers and railroads to comply with four rules:<\/p>\n<ul>\n<li>A cybersecurity coordinator is required to be on call at all times<\/li>\n<li>All cybersecurity incidents have to be reported to CISA within 24 hours<\/li>\n<li>Operators must develop a cybersecurity incident response plan<\/li>\n<li>Operators must conduct vulnerability assessments and report them to the TSA within 90 days of the directive<\/li>\n<\/ul>\n<p>To accomplish its objectives, the TSA is <a href=\"https:\/\/www.tsa.gov\/news\/press\/releases\/2022\/10\/18\/tsa-issues-new-cybersecurity-requirements-passenger-and-freight\" rel=\"nofollow\">requiring<\/a> rail operators to develop network segmentation policies, improve access controls, build continuous monitoring platforms, and develop a standard patching process to minimize risks of exploitation.<\/p>\n<p>The US has more broadly required companies to submit cyber 
incident reports <a href=\"https:\/\/www.theregister.com\/2022\/03\/14\/in_brief_security\/\">within 72 hours<\/a>, but appears to be imposing stricter requirements on rail operators, which is unsurprising given rail is included in CISA&#8217;s <a href=\"https:\/\/www.cisa.gov\/transportation-systems-sector\" rel=\"nofollow\">list<\/a> of critical infrastructure sectors.<\/p>\n<p>The requirements shouldn&#8217;t be too difficult to implement, according to TSA administrator David Pekoske, because industry spokespeople helped develop the rules. &#8220;We are encouraged by the significant collaboration between TSA, [Federal Railroad Administration], CISA and the railroad industry in the development of this security directive.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33967\/Google-Says-Slap-Some-GUAC-On-Your-Software-Supply-Chain.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8257],"class_list":["post-48996","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlinegoogle"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48996"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48996\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}