Google just gave open source software a big boost with the launch of dedicated security and support teams.
The “open source maintenance crew” will be the new team of developers working on security issues related to open source projects, such as configuring updates.
The announcement came at the White House Open Source Security Summit, where Google joined with the Open Source Security Foundation (OpenSSF) and the Linux Foundation to discuss open source security issues.
Why the move?
Back in December 2021, White House National Security Adviser Jake Sullivan sent a letter to CEOs of US tech companies following the identification of a Log4Shell vulnerability in Apache’s popular open source Java logging framework Log4j.
According to a blog post by Microsoft, the vulnerability was exploited to install malware for cryptomining, to add devices to the Mirai and Muhstik botnets, to drop Cobalt Strike beacons, to scan for information disclosure, and to search entire affected networks for lateral movement.
“The problem of securing open-source software is not just about the money; for many important open-source projects it is the number of people involved and the amount of time they can spend on the work,” said Abhishek Arya, Principal Engineer of Open Source Security at Google.
“Even with more money, we need the ability to direct that money to the right goals. That’s a problem with people and there’s also a problem with money.”
He continued: “To meaningfully address this challenge, Google revived the ‘Open Source Maintenance Crew’ with the idea that an organization like OpenSSF could administer the group and serve as matchmakers for critical projects.”
The move comes as open source adoption is building momentum and support within the IT community, with use cases such as online collaboration driving its popularity.
The recent 2022 State of Open Source report, conducted by OpenLogic, surveyed 2,660 professionals and their organizations who use open source tools. Roughly a quarter (27%) said they had no reservations about such tools, while only 13.9% were concerned that they are unsafe and untested.