Saturday, May 11, 2024

Google wants a public-private partnership to secure open source projects

Jillian Castillo

The Log4Shell affair is causing an uproar. At the beginning of December, a major flaw was discovered in the open source logging tool Log4j. Many web services, such as iCloud and Twitter, and even Steam and Minecraft, were affected. Following these events, the White House organized a meeting yesterday to discuss the issue. Major players from the web and technology sectors attended, including Google, Facebook, Amazon and Apple. The security of open source projects was discussed, and Google is asking the government to get involved.

The Log4Shell flaw affected several services. Image: LunaSec.

Google published a blog post in which it called for better cooperation between the government and the private sector. Although the company regularly puts money into open source (through donations to associations, a link in cyber security), it regrets that the security of several important projects is neglected:

For a long time, the software community has stuck to the belief that free software is generally safe due to its transparency and the assumption that “many eyes” are there to find and fix problems. But in reality, while some projects have a lot of eyes, others have few or none at all.

Google notes that there is no official customization or standard for keeping secure certain pieces of critical code used in critical public infrastructure. Fixes and maintenance work are done ad hoc and on a voluntary basis, while large projects increasingly rely on open source. "Free software is the connecting web to much of the Internet. They deserve the same attention and financing we give to our roads and bridges," the company explains.

Google therefore calls for the creation of a public-private partnership to better monitor open source projects. It considers that new security and maintenance standards are necessary in order to rank defects by importance. The goal is to allocate resources to the most important projects and anticipate long-term problems. "Today's meeting at the White House was an acknowledgment of this challenge and an important first step in meeting it," the company concludes.
