Google wants secure open-source software to be the future

After attending the recent White House Open Source Software Security Summit, Google is now calling for a public-private partnership to not only fund but also staff essential open-source projects.

In a new blog post, president of global affairs and chief legal officer at both Google and Alphabet, Kent Walker laid out the search giant's plans to better secure the open-source software ecosystem.

For too long, businesses and governments have taken comfort in the assumption that open source software is generally secure due to its transparent nature. While many believe that more eyes watching can help detect and resolve problems in the open source community, some projects actually don't have many eyes on them while others have few or none at all.

To its credit, Google has been working to raise awareness of the state of open source security and the company has invested millions in developing frameworks and new protective tools. However, the Log4j vulnerability and others before it have shown that more work is needed across the ecosystem to develop new models to maintain and secure open source software.

Public-private partnership

In his blog post, Kent proposes creating a new public-private partnership to identify a list of critical open source projects to help prioritize and allocate resources to ensure their security.

In the long term though, new ways of identifying open source software and components that may pose a system risk need to be implemented so that the level of security required can be anticipated and the appropriate resources can be provided.

At the same time, security, maintenance and testing baselines need to be established across both the public and private sector. This will help ensure that national infrastructure and other important systems can continue to rely on open source projects. These standards also should be developed through a collaborative process according to Kent with an “emphasis on frequent updates, continuous testing and verified integrity”. Fortunately, the software community has already started this work with organizations like OpenSFF working across industry to create these standards.

Now that Google has weighed in on the issue of open source security, expect other tech giants like Microsoft and Apple to propose their own ideas regarding the matter.

We've also rounded up the best open source software and the best business laptops

How It works

Search Crack for

Latest IT News

Jan 19
The desktop app has been updated to look similar to other Windows 11 apps that have had a Fluent Design refresh.
Jan 19
Windows 11’s Widgets panel isn’t great – but it looks like Microsoft is going to make it more useful.
Jan 18
A new version of Aerial allows more flyover screensavers to appear on your Mac, alongside HDR and more customization options.
Jan 18
A new version of Aerial allows more flyover screensavers to appear on your Mac, alongside HDR and more customization options.
Jan 18
Firefox Relay being added to a list of burner email services sparked a major debate.
Jan 18
To install the fixes, Windows Server admins will need to manually search for updates.
Jan 18
Python 3.11 is en route to becoming twice as fast as 3.10

Latest cracks