Google

Making Open Source software safer and more secure

We welcomed the opportunity to participate in the White House Open Source Software Security Summit today, building on our work with the Administration to strengthen America’s collective cybersecurity through critical areas like open source software.

Industries and governments have been making strides to tackle the frequent security issues that plague legacy, proprietary software. The recent log4j open source software vulnerability shows that we need the same attention and commitment to safeguarding open source tools, which are just as critical.

Open source software code is available to the public, free for anyone to use, modify, or inspect. Because it is freely available, open source facilitates collaborative innovation and the development of new technologies to help solve shared problems. That’s why many aspects of critical infrastructure and national security systems incorporate it. But there’s no official resource allocation and few formal requirements or standards for maintaining the security of that critical code. In fact, most of the work to maintain and enhance the security of open source, including fixing known vulnerabilities, is done on an ad hoc, volunteer basis.

For too long, the software community has taken comfort in the assumption that open source software is generally secure due to its transparency and the assumption that “many eyes” were watching to detect and resolve problems. But in fact, while some projects do have many eyes on them, others have few or none at all.

At Google, we’ve been working to raise awareness of the state of open source security. We’ve invested millions in developing frameworks and new protective tools. We’ve also contributed financial resources to groups and individuals working on securing foundational open source projects like Linux. Just last year, as part of our $10 billion commitment to advancing cybersecurity, we pledged to expand the application of our Supply chain Levels for Software Artifacts (SLSA or “Salsa”) framework to protect key open source components. That includes $100 million to support independent organizations, like the Open Source Security Foundation (OpenSSF), that manage open source security priorities and help fix vulnerabilities.

But we know more work is needed across the ecosystem to create new models for maintaining and securing open source software. During today’s meeting, we shared a series of proposals for how to do this:

Copyright © 2021 Today's Digital.