Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
223925 THEVERGE 2022-1-13:
Google calls for new government action to protect open-source software projects
1.000 Find similar Compare side-by-side
224024 ZDNET 2022-1-13:
Log4j: Google and IBM call for list of critical open source projects
0.963 0.736 Find similar Compare side-by-side
224018 ZDNET 2022-1-13:
After Log4j, White House fears the next big open source vulnerability
0.176 0.554 Find similar Compare side-by-side
224318 ZDNET 2022-1-16:
For security alone, we could try paying open source projects properly
0.520 Find similar Compare side-by-side
224067 ZDNET 2022-1-13:
When open-source developers go bad
0.021 0.441 Find similar Compare side-by-side
224016 ZDNET 2022-1-13:
Wireshark creator joins Sysdig to extend it to cloud security
0.003 0.435 Find similar Compare side-by-side
224071 ZDNET 2022-1-13:
EVerest: The open source software stack for EV charging infrastructure
0.004 0.410 Find similar Compare side-by-side
224273 VENTUREBEAT 2022-1-17:
Device42 aims to identify Log4j vulnerabilities
0.339 Find similar Compare side-by-side
223704 ARSTECHNICA 2022-1-10:
Developer sabotages his own apps, then claims Aaron Swartz was murdered
0.302 Find similar Compare side-by-side
224075 ZDNET 2022-1-13:
IBM, Clemson, Linux Foundation join forces for sustainable crop information platform
0.294 Find similar Compare side-by-side
224308 ZDNET 2022-1-14:
Attack Surface Management: Where is the market going?
0.285 Find similar Compare side-by-side
223699 TECHREPUBLIC 2022-1-10:
The rise of the CISO: The escalation in cyberattacks makes this role increasingly important
0.277 Find similar Compare side-by-side
223799 ARSTECHNICA 2022-1-11:
Google hired union-busting consultants to convince employees “unions suck”
0.272 Find similar Compare side-by-side
223731 ZDNET 2022-1-11:
Best online doctorate in project management degrees 2022: Top picks
0.271 Find similar Compare side-by-side
223733 VENTUREBEAT 2022-1-11:
Sverica Capital Management Announces the Promotions of Michael Dougherty to Principal and Doug Patrican to Vice President
0.260 Find similar Compare side-by-side
223761 ZDNET 2022-1-11:
KCodes NetUSB kernel remote code execution flaw impacts millions of devices
0.242 Find similar Compare side-by-side
223937 VENTUREBEAT 2022-1-12:
SAP supply chains need zero trust to reach enterprise cybersecurity
0.240 Find similar Compare side-by-side
224069 ZDNET 2022-1-13:
Google Meet calls get live translated captions
0.237 Find similar Compare side-by-side
224173 THEVERGE 2022-1-17:
Google fixes issue with the Assistant’s white noise sound that had sparked user outcry
0.236 Find similar Compare side-by-side
223815 ZDNET 2022-1-10:
CISA director: 'We have not seen significant intrusions' from Log4j -- yet
0.236 Find similar Compare side-by-side
223821 TECHREPUBLIC 2022-1-10:
URL parsing: A ticking time bomb of security exploits
0.234 Find similar Compare side-by-side
223654 THEVERGE 2022-1-12:
Biden administration announces major new initiatives to clean up the electric grid
0.232 Find similar Compare side-by-side
223679 ZDNET 2022-1-12:
US Dept. of Veterans Affairs signs $13M contract with Google Cloud for better API management
0.229 Find similar Compare side-by-side
223644 VENTUREBEAT 2022-1-12:
Department of Veterans Affairs signs $13M contract with Google Cloud
0.226 Find similar Compare side-by-side
224007 THEVERGE 2022-1-14:
Bill Gates’ climate fund looks to funnel billions into carbon removal, green hydrogen, and more
0.226 Find similar Compare side-by-side

1

ID: 223925

URL: https://www.theverge.com/2022/1/13/22882176/google-government-action-protect-open-source-software-funding-security

Date: 2022-01-13

Google calls for new government action to protect open-source software projects

Following a summit on open-source security hosted at the White House Thursday, Google has called for increasing government involvement in identifying and securing critical open-source software projects. In a blog post published shortly after the summit, Kent Walker, president for global affairs and chief legal officer at Google and Alphabet, said that collaboration between government and the private sector was needed for open-source funding and management. We need a public-private partnership to identify a list of critical open source projects — with criticality determined based on the influence and importance of a project — to help prioritize and allocate resources for the most essential security assessments and improvements, Walker wrote. The blog post also called for an increase in public and private investment to keep the open-source ecosystem secure, particularly when the software is used in infrastructure projects. For the most part, funding and review of such projects are conducted by the private sector. The White House had not responded to a request for comment by time of publication. Open source software code is available to the public, free for anyone to use, modify, or inspect ... Thats why many aspects of critical infrastructure and national security systems incorporate it, wrote Walker. But theres no official resource allocation and few formal requirements or standards for maintaining the security of that critical code. In fact, most of the work to maintain and enhance the security of open source, including fixing known vulnerabilities, is done on an ad hoc, volunteer basis. The shortage of funding and resources for open-source development has long been raised as a security concern and has re-emerged as a key issue after the discovery of a serious bug in the Log4j Java library, which quickly became the biggest cybersecurity vulnerability in recent years. The Log4j library was also developed and maintained largely by unpaid labor. When open-source projects do receive funding, it generally comes from private sources like individual donations or sponsorship from tech companies. Google recently contributed $1 million to the Secure Open Source (SOS) rewards program, a pilot scheme being run by the Linux Foundation to financially compensate developers working to improve the security of open-source projects. In a statement, Eric Brewer, VP of Infrastructure at Google, said: Though it was called a summit, todays meeting was effectively a working session to develop concrete, pragmatic solutions to improve open source security. The participants broadly agreed on approaches to identify and secure critical projects, and in particular underwrite those efforts with real investment. It is especially crucial that those maintaining open-source projects are given the resources and support they need to ensure they are well maintained and are able to fix vulnerabilities quickly. We applaud the White House for their leadership on this important issue. Update Jan 14th, 8:50AM ET: This article has been updated to add a statement from Eric Brewer.