How Google is improving the security of critical OSM projects
15 May 2022
San Francisco, 5/15/2022
Google has announced the formation of a new “Open Source Maintenance Crew.” Its goal is to improve the security of critical open source projects.
The company also unveiled Open Source Insights, a tool that analyzes packages and their dependency graphs to determine whether a vulnerability in a dependency could affect a project's own code.
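To make the dependency-graph idea concrete, here is an added example (not Open Source Insights code, and not from Google) that walks a resolved dependency graph from an application's root package and reports every path that ends at a package version matching an advisory. The package names, versions and the advisory id `EXAMPLE-ADV-0001` are constructed for the illustration; a real tool would take the graph from a lockfile or a registry and the advisories from a vulnerability database.

```python
"""Transitive dependency reachability check.

Added illustration: given a resolved dependency graph and a set of
advisories, find every path from the root package to a vulnerable
package version, and say whether the exposure is direct or transitive.
"""


def parse_version(version):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


# Constructed dependency graph: package -> (resolved version, direct deps).
# All names and versions below are made up for this example.
DEPENDENCY_GRAPH = {
    "my-app": ("1.0.0", ["web-framework", "json-utils"]),
    "web-framework": ("3.2.1", ["http-client", "logging-lib"]),
    "json-utils": ("0.9.0", []),
    "http-client": ("2.0.4", ["logging-lib"]),
    "logging-lib": ("2.14.1", []),
}

# Constructed advisories: package -> [(advisory id, predicate on version)].
# Hypothetical advisory: logging-lib versions below 2.15.0 are affected.
ADVISORIES = {
    "logging-lib": [
        ("EXAMPLE-ADV-0001", lambda v: parse_version(v) < (2, 15, 0)),
    ],
}


def affected_advisories(package, version, advisories):
    """Return the advisory ids whose affected-version predicate matches."""
    return [
        adv_id
        for adv_id, is_affected in advisories.get(package, [])
        if is_affected(version)
    ]


def find_vulnerable_paths(graph, advisories, root):
    """Depth-first walk from root.

    Returns a list of (advisory_id, path) where path is the list of package
    names from root to the vulnerable package. A package is never revisited
    within the same path, so dependency cycles cannot loop forever.
    """
    results = []

    def walk(package, path):
        version, deps = graph[package]
        for adv_id in affected_advisories(package, version, advisories):
            results.append((adv_id, path))
        for dep in deps:
            if dep in path:
                continue  # cycle guard
            if dep not in graph:
                continue  # unresolved dependency; a real tool would flag it
            walk(dep, path + [dep])

    walk(root, [root])
    return results


def summarize(graph, advisories, root):
    """Group reachable paths by advisory and mark direct exposure.

    'direct' is True when the vulnerable package is a first-level dependency
    of the root (path length 2), which usually means the fix is a one-line
    version bump rather than an upstream request.
    """
    summary = {}
    for adv_id, path in find_vulnerable_paths(graph, advisories, root):
        entry = summary.setdefault(
            adv_id, {"package": path[-1], "direct": False, "paths": []}
        )
        entry["paths"].append(" -> ".join(path))
        if len(path) == 2:
            entry["direct"] = True
    return summary


if __name__ == "__main__":
    for adv_id, info in summarize(DEPENDENCY_GRAPH, ADVISORIES, "my-app").items():
        kind = "direct" if info["direct"] else "transitive"
        print(f"{adv_id}: {info['package']} reachable ({kind}) via:")
        for p in info["paths"]:
            print("  " + p)
```

Two paths reach the vulnerable `logging-lib` version here, both through `web-framework`, so the exposure is transitive: the fix has to come from `web-framework` or `http-client` updating their requirement, or from an override in the application's own lockfile.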
The development comes at a time when security in the open source software ecosystem is increasingly at risk due to a series of supply chain attacks aimed at compromising developer workflows.
For example, in December 2021 a vulnerability in the open source logging library Log4j sent several companies scrambling to protect their systems against potential exploitation.
Two weeks ago, the Open Source Security Foundation announced the Package Analysis project, which will perform a dynamic analysis of all packages uploaded to popular open source repositories.