Google Forms An 'open-source Maintenance Crew' To Assist With The Security Of Critical Projects

Google announced the formation of a new "Open Source Maintenance Crew" to improve the security of major open-source projects.
SIA Team
May 13, 2022

Google announced the formation of a new "Open Source Maintenance Crew" to improve the security of major open-source projects.

"Developers can comprehend how their software is put together and the repercussions of changes in their dependencies using this information," the business claimed.

The news comes as the open-source software ecosystem's security and trust have been called into question in the wake of a series of supply chain assaults aimed at disrupting developer processes.

Furthermore, the tech giant mentioned Open Source Insights as a tool for analyzing packages and dependency graphs, to determine "if a vulnerability in a dependency might influence your code."

In December 2021, a serious flaw in the widely used open-source Log4j logging library prompted some companies to race to secure their systems against potential exploitation.

The announcement comes less than two weeks after the Open Source Security Foundation (OpenSSF) announced the Package Analysis program, which seeks to conduct dynamic analysis of all packages released to popular open-source repositories.

cross