How Google is improving the security of critical OSM projects

15 May 2022, by Horst Buchwald

San Francisco, 5/15/2022

Google has announced the formation of a new "Open Source Maintenance Crew." Its goal is to improve the security of critical open source projects.

The company has also unveiled Open Source Insights, a tool that analyzes packages and their dependency graphs to determine whether a vulnerability in a dependency could affect a project's code.
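As an added illustration of the dependency-graph question described above (this is not Google's code or the Open Source Insights implementation), the Python below walks a constructed dependency graph and reports which top-level packages transitively depend on a package flagged by a hypothetical advisory, along with the shortest dependency path that explains why. Package names and the advisory id are constructed sample data.

```python
"""Transitive-dependency reachability check: which packages are exposed to a
vulnerable dependency, and through which path? Added example; the graph and
advisory below are constructed, not real data."""
from collections import deque

# Constructed sample dependency graph: package -> direct dependencies.
SAMPLE_GRAPH = {
    "web-app": ["http-framework", "logging-facade"],
    "http-framework": ["json-parser", "logging-facade"],
    "logging-facade": ["log4j-core"],
    "json-parser": [],
    "log4j-core": [],
    "cli-tool": ["json-parser"],
}

# Constructed: packages a vulnerability feed has flagged (hypothetical advisory id).
SAMPLE_VULNERABLE = {"log4j-core": "EXAMPLE-ADVISORY-0001"}


def affected_paths(graph, root, vulnerable):
    """Return {vulnerable_pkg: shortest path from root} for every vulnerable
    package reachable from root (root itself included). BFS guarantees the
    first visit is via a shortest path; the visited set makes cycles safe."""
    paths = {}
    visited = {root}
    queue = deque([(root, [root])])
    while queue:
        node, path = queue.popleft()
        if node in vulnerable:
            paths[node] = path
        for dep in graph.get(node, []):  # unknown packages are treated as leaves
            if dep not in visited:
                visited.add(dep)
                queue.append((dep, path + [dep]))
    return paths


def affected_roots(graph, vulnerable):
    """Map each package that is transitively exposed to
    {vulnerable_pkg: (advisory_id, human-readable path)}."""
    result = {}
    for root in graph:
        hits = affected_paths(graph, root, vulnerable)
        if hits:
            result[root] = {pkg: (vulnerable[pkg], " -> ".join(p))
                            for pkg, p in hits.items()}
    return result


if __name__ == "__main__":
    for root, hits in affected_roots(SAMPLE_GRAPH, SAMPLE_VULNERABLE).items():
        for pkg, (advisory, path) in hits.items():
            print(f"{root}: {advisory} via {path}")
```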

The development comes at a time when security in the open source software ecosystem is increasingly at risk due to a series of supply chain attacks aimed at compromising developer workflows.

Example: In December 2021, a vulnerability in the open source logging library Log4j left several companies scrambling to protect their systems against potential exploitation.

Two weeks ago, the Open Source Security Foundation announced the Package Analysis project, which will perform a dynamic analysis of all packages uploaded to popular open source repositories.