Google joined the Open Source Security Foundation, Linux Foundation, and industry leaders for a meeting during January’s White House Summit on Open Source Security. During this meeting, Google announced the creation of its new Open Source Maintenance Crew. It is a dedicated staff of Google engineers who will work closely with upstream maintainers on improving the security of critical open source projects.
Know, Prevent, Fix
Google also noted that it has contributed ideas and taken part in the industry discussions on improving the security and trustworthiness of open source software. A little over a year ago Google published Know, Prevent, Fix, a framework for how the software industry could address vulnerabilities in open source software: know which vulnerabilities affect you, prevent new ones from being introduced, and fix the ones that are found.
The framework has held up well: beyond the increased discussion of open source security, the industry is showing real progress in acting on those discussions. Google said,
« The amount of progress in the past year is very encouraging: we as an industry have come together to discuss, fund, and make headway on many of the difficult problems that affect us all. The solutions are not just being talked about, but also built, refined, and applied. Now we need to magnify this progress by integrating these solutions with tooling and language ecosystems: every open source developer should have effortless access to end-to-end security by default. Google is committed to continuing our work with the OpenSSF to achieve these goals. »