Google supports security reviews of these major open source projects

Google recently promised $100 million to a group that manages open source security priorities and helps fix vulnerabilities, and has now detailed eight projects that it has currently chosen to support.

Just last month, the Linux Foundation announced that it will directly fund people working on the security of open source projects. The effort is supported by Google, Microsoft, the Open Source Security Foundation, and the Linux Foundation Public Health Foundation. The Linux Foundation will coordinate the fix when a bug is found.

The foundation and its peers are looking for previously unknown security issues through security audits by the Open Source Technology Improvement Fund (OSTIF). These projects include two Linux kernel security audits.

Google is now throwing its weight behind a chunk of OSTIF’s immediate audit program.

“With Google’s support, OSTIF can launch a Managed Audit Program (MAP), which extends detailed security reviews to key projects essential to the open source ecosystem,” said Kaylin Trychon, Security Communications Manager on the Google Open Source Security Team.

Perhaps the largest of the eight Google-funded audit projects is Git, the “de facto” version control software. Created by Linus Torvalds, the creator of the Linux kernel, it forms the basis of platforms such as GitHub and GitLab.

“Git is the second most important application in C and the tenth most important application on all platforms,” OSTIF points out, adding that “it is arguably one of the most important open source software in the world.”

The rest are important JavaScript and Java tools and frameworks for web development: Lodash, a modern JavaScript utility library for web development used in Chrome and other browsers; Laravel, a PHP web application framework; SLF4J, or Simple Logging Facade for Java; the Jackson-core JSON and Jackson-databind packages for Java; and Httpcomponents-core and Httpcomponents-client.

“The eight libraries, frameworks and apps selected in this round will benefit most from the improved security and will have the greatest impact on the open source ecosystem that depends on them,” explains Trychon.

Contributions from Google will help OSTIF find and fix bugs in major open source projects.

OSTIF has identified a total of 25 MAP projects for funding, including the eight Google has funded so far. Other projects pending funding include well-known systems and tools used by developers, such as the Drupal and Joomla web content management systems, Webpack, reprepro, Ceph, Facebook-managed React Native, salt, Gatsby, Google-managed Angular, Red Hat’s Ansible, and Google’s Guava Java framework.

After last month’s meeting between US President Joe Biden and top US tech companies, Google announced a $10 billion effort to expand its Zero Trust program, help protect the software supply chain, and enhance open source security.

