Google has asked the US government to take a more proactive role in identifying and protecting open source projects that are critical to Internet security. On a The company published after the White House summit on Thursday, Kent Walker, president of global affairs and chief legal officer at Google and Alphabet, said the country needs a working public-private partnership to properly fund and contract the code. open most essential projects.
“For too long, the software community has taken comfort in the assumption that open source software is generally safe because of its transparency and the assumption that ‘many eyes’ were watching to detect and resolve issues,” he said. “But actually, while some projects have a lot of eyes on them, others have few or none.”
According to Walker, the partnership would analyze a project’s influence and importance to determine how critical it is to the wider ecosystem. Looking ahead, he says the industry needs new ways to identify software that could, in the future, pose a systemic risk to Internet security.
Walker said there is also a need for more public and private funding, noting that Google is ready to contribute an organization that combines volunteers from companies like it for critical projects that need more support. “Open source software is a connective tissue for much of the online world – it deserves the same focus and funding that we give our roads and bridges,” he said.
The importance of open source software has been a topic of much discussion after the discovery of the Log4Shell vulnerability. Log4j is one of the most popular and widely used logging libraries, with services like Steam and iCloud depending on it. The security researcher, who helped stop the spread of WannaCry, called the vulnerability “extremely bad” as it left millions of apps open to attack.
All products recommended by Ploonge are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.