Google wants to work with the government to secure open source software
Google called on the US government to take a more proactive role in identifying and protecting open source projects critical to internet security. In a company post following Thursday’s White House summit, Kent Walker, president of global affairs and chief legal officer of Google and Alphabet, said the country needs a public-private partnership that will work to fund and properly staff the most essential open source projects.
“For too long, the software community has comforted itself with the assumption that open source software is generally secure because of its transparency and the assumption that ‘many eyes’ are watching to detect and fix problems,” he declared. “But in fact, while some projects have a lot of eyes on them, others have few or none at all.”
According to Walker, the partnership would examine the influence and importance of a project to determine how critical it is to the wider ecosystem. Looking to the future, he says the industry needs new ways to identify software that could ultimately pose a systemic risk to internet security.
Walker said there was also a need for more public and private funding, noting that Google is willing to contribute to an organization that matches volunteers from companies like it with critical projects that need support the most. “Open source software is a connective tissue for much of the online world – it deserves the same attention and funding we give to our roads and bridges,” he said.
The importance of open source software has been widely discussed following the discovery of the Log4Shell vulnerability. Log4j is one of the most popular and widely used logging libraries, with services like Steam and iCloud relying on it. A security researcher who helped stop the spread of WannaCry called the vulnerability “extremely bad” because it left millions of apps open to attack.