Google and GitHub want to make open source software more secure


Recent cybersecurity threats like Log4Shell have sparked interest in public-private partnerships and other initiatives to protect open source software.

Major US tech companies, including Google and GitHub, met at a White House summit yesterday (Jan 13) to discuss ways to make the open source software space more secure in light of recent vulnerabilities.

New standards for open source software security, increased funding for developers in the space, and public-private partnerships to secure the ecosystem were some of the ideas that emerged during the summit on the future of open source development.

Recent cybersecurity threats with global implications prompted the US government to hold the summit, including the Log4Shell defect that came to light last month.

However, security threats from open source software are not a new phenomenon. The Heartbleed bug revealed in 2014, a serious flaw in the OpenSSL web encryption software, was one of the first big security threats in the space. At the time it was believed that up to 17% of secure web servers could be vulnerable.

“There will be another big issue at some point in the future that we’ll have to respond to,” GitHub security director Mike Hanley told Protocol after the White House summit, indicating that Log4Shell will not be the last threat facing open source software.

Google made a number of proposals at the summit, including a public-private partnership to identify a list of critical open source projects to help prioritize and allocate resources accordingly.

“We proposed establishing an organization that would serve as a marketplace for open source maintenance, connecting corporate volunteers with critical projects that most need support,” Kent Walker, Google’s president of global affairs and chief legal officer, wrote in a blog post.

GitHub echoed Google’s willingness to contribute resources to this effort, revealing plans to up its game in the open source software security space in 2022 with an updated set of tools to help its 73 million developers manage vulnerabilities.

“Developers aren’t necessarily security experts, nor should they be, so we focused intensely on making it easier for them to write more secure code without friction,” Hanley wrote in a blog post.

In addition to tools, he said GitHub was ready to offer developers more opportunities for improvement and training, as well as finding more funding through programs like the GitHub Security Lab and GitHub Sponsors.

Robert Blumofe, CTO of US cybersecurity firm Akamai and one of the summit attendees, told Protocol that the very existence of the summit was an indication of the US government’s recognition of the importance of open source software.

“It wouldn’t have been entirely inconceivable for the government to start taking a very negative approach and say, ‘Well, we can’t trust open source,’ or see open source as the scapegoat,” he added.
