Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Google wants secure open-source software to be the future

Image Description

After attending the recent White House Open Source Software Security Summit, Google is now calling for a public-private partnership to not only fund but also staff essential open-source projects.

In a new blog post, president of global affairs and chief legal officer at both Google and Alphabet, Kent Walker laid out the search giant's plans to better secure the open-source software ecosystem.

For too long, businesses and governments have taken comfort in the assumption that open source software is generally secure due to its transparent nature. While many believe that more eyes watching can help detect and resolve problems in the open source community, some projects actually don't have many eyes on them while others have few or none at all.

To its credit, Google has been working to raise awareness of the state of open source security and the company has invested millions in developing frameworks and new protective tools. However, the Log4j vulnerability and others before it have shown that more work is needed across the ecosystem to develop new models to maintain and secure open source software.

Public-private partnership 

In his blog post, Kent proposes creating a new public-private partnership to identify a list of critical open source projects to help prioritize and allocate resources to ensure their security.

In the long term though, new ways of identifying open source software and components that may pose a system risk need to be implemented so that the level of security required can be anticipated and the appropriate resources can be provided.

At the same time, security, maintenance and testing baselines need to be established across both the public and private sector. This will help ensure that national infrastructure and other important systems can continue to rely on open source projects. These standards also should be developed through a collaborative process according to Kent with an “emphasis on frequent updates, continuous testing and verified integrity”. Fortunately, the software community has already started this work with organizations like OpenSFF working across industry to create these standards.

Now that Google has weighed in on the issue of open source security, expect other tech giants like Microsoft and Apple to propose their own ideas regarding the matter.

We've also rounded up the best open source software and the best business laptops

Date

14 Jan 2022

Sources


Share


Other Blog

  • Windows 11 SE could take cues from the worst version of Windows 10

    Microsoft may be sticking with an S mode experience for Windows 11, the rumor mill reckons.

    Read More
  • We don't need the 12-inch MacBook anymore

    Apple recently sent out a survey to 12-inch MacBook users asking for feedback, leading some to think a new model may be on the way, but do we really need one?

    Read More
  • DeskTime employee monitoring

    In our DeskTime evaluation, we investigate whether this simple time tracking tool can compete with more comprehensive employee monitoring software.

    Read More
  • AMD RX 6600 GPU leak comes with a hopeful release date – but hints at a worrying price tag

    The Sapphire RX 6600 Pulse has been spotted at a European retailer, but hopefully the price is a placeholder.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us