Google Supporting Security Reviews of Open-Source Projects

Google recently announced a $100 million donation to organizations that manage open source security priorities and assist with vulnerability fixes. Google has now revealed eight of the projects it will fund.

The Linux Foundation, too, recently stated that it would directly support people working on open-source project security, an effort backed by the Open Source Security Foundation, Microsoft, Google, and the Linux Foundation Public Health (LFPH). When bugs are discovered, the Linux Foundation coordinates fixes.

The foundation and its colleagues also look for previously unknown security problems through security audits conducted by the non-profit organization Open Source Technology Improvement Fund (OSTIF). Two Linux kernel security audits are among these initiatives.

Now, Google is supporting a portion of OSTIF’s urgent audit plans. With Google’s help, OSTIF will start the Managed Audit Program (MAP), which will expand in-depth security evaluations to critical open source projects.

Git, the “de facto” version control software created by Linux kernel founder Linus Torvalds, which forms the backbone of platforms like GitHub and GitLab, is perhaps the largest of the eight audit projects Google is sponsoring.

The remaining ones are essential JavaScript and Java web development tools and frameworks, such as:

  • Lodash – a modern JavaScript utility library for web development that’s used in Chrome and other browsers
  • Laravel – a PHP web application framework
  • SLF4J or Simple Logging Facade for Java
  • The Jackson-core JSON for Java and the Jackson-databind package
  • Httpcomponents-core and Httpcomponents-client

These eight projects would gain the most from security enhancements and influence the open-source environment relying on them. Google’s donation will aid OSTIF in finding and fixing vulnerabilities in major open-source projects.

Following last month’s meeting between US President Joe Biden and senior US IT corporations, Google has pledged $10 billion to expand zero-trust initiatives, assist in the security of software supply chains, and improve open source security.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.
