THREAT OPS › Threat News › Introducing OSS Rebuild: Open Source, Rebuilt to Last
Introducing OSS Rebuild: Open Source, Rebuilt to Last
<span class="byline-author">Posted by Matthew Suozzo, Google Open Source Security Team (GOSST)</span><div><br /></div><div><span id="docs-internal-guid-0d823a3a-7fff-31cb-bbfd-deb41fcd8145"><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span face="Arial, sans-serif" style="font-size: 11pt; vertical-align: baseline;">Today we're excited to announce OSS Rebuild, a new
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2025-30066cve
- https://slsa.devurl
- https://static.carahsoft.com/concrete/files/1617/1597/8665/2024_Open_Source_Security_and_Risk_Analysis_Report_WRAPPED.pdfurl
- https://www.hbs.edu/ris/Publication%20Files/24-038_51f8444f-502c-4139-8bf2-56eb4b65c58a.pdfurl
- http://scorecard.dev/url
- https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/url
- https://github.blog/2023-04-19-introducing-npm-package-provenance/url
- https://slsa.dev/spec/v1.0/levels#build-trackurl
- https://slsa.dev/spec/v0.1/provenanceurl
- https://slsa.dev/spec/v1.0/faq#q-how-does-slsa-and-slsa-provenance-relate-to-sbomurl
- https://www.theregister.com/2024/12/05/solana_javascript_sdk_compromised/url
- https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066url
- https://www.akamai.com/blog/security-research/critical-linux-backdoor-xz-utils-discovered-what-to-knowurl
- https://docs.oss-rebuild.dev/storage.htmlurl
- https://slsa.dev/url
- crates.iodomain
- blogger.googleusercontent.comdomain