After recently attending the White House Open Source Software Security Summit, Google is now calling for public-private partnerships to not only fund but staff essential open-source projects.
In a new blog post, Kent Walker, president of global affairs and chief legal officer at both Google and Alphabet, laid out the search giant’s plans to better secure the open-source software ecosystem.
For too long, businesses and governments have taken comfort in the notion that open source software is generally secure due to its transparent nature. While many believe that more eyes can help detect and solve problems in the open source community, some projects don't have many eyes on them, while others have few or none at all.
To its credit, Google is working to raise awareness of the state of open source security and the company has invested millions in developing frameworks and new protective tools. However, the Log4j vulnerability and others before it have shown that more work needs to be done across the ecosystem to develop new models for maintaining and securing open source software.
Public-private partnership
In his blog post, Kent proposes creating a new public-private partnership to identify a list of important open source projects to help prioritize and allocate resources to ensure their security.
In the long term, however, there is a need to implement new methods of identifying open source software and components that may pose a system risk in order to estimate the level of security required and provide appropriate resources.
Also, there is a need to establish a safety, maintenance and testing baseline in both the public and private sectors. This will help ensure that national infrastructure and other critical systems can continue to rely on open source projects. These standards should also be developed through a collaborative process with “an emphasis on continual updating, continual testing and verifiable integrity,” according to Kent. Fortunately, the software community has already begun this work, with organizations like OpenSSF working across the industry to create these standards.
Now that Google has turned its attention to the issue of open source security, expect other tech giants like Microsoft and Apple to offer their views on the matter.