Google Created 'Open-Source Maintenance Crew' to Help Secure Critical Projects


The Hacker News

Google on Thursday announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of critical open source projects.

Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine “whether a vulnerability in a dependency might affect your code.”

“With this information, developers can understand how their software is put together and the consequences to changes in their dependencies,” the company said.
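The check the article attributes to Open Source Insights, deciding whether a vulnerability in some transitive dependency actually reaches your project, comes down to walking the dependency graph from your project to the affected package and version. The following is an added illustration written for this page, not code from Google, Open Source Insights or The Hacker News. The dependency graph and the advisory (including its EXAMPLE-2021-0001 identifier) are constructed sample data; a real run would load the graph from a lockfile or a registry and the advisory from a vulnerability database.

```python
"""Find every dependency chain from a project to a package/version covered by
an advisory, and list the direct dependencies that need to change.

Added example for this page; the graph and advisory below are constructed
sample data, not output of Open Source Insights or any real registry.
"""
from collections import deque
from typing import Dict, List, Tuple

Node = Tuple[str, str]  # (package name, version)

# Constructed sample dependency graph: each (name, version) maps to the
# (name, version) pairs it requires. "logger" is reachable along two chains.
SAMPLE_GRAPH: Dict[Node, List[Node]] = {
    ("myapp", "1.0.0"): [("web-fw", "2.3.1"), ("cli-tools", "0.9.0")],
    ("web-fw", "2.3.1"): [("logger", "2.14.1"), ("json-lib", "1.2.0")],
    ("cli-tools", "0.9.0"): [("json-lib", "1.2.0"), ("logger", "2.14.1")],
    ("logger", "2.14.1"): [],
    ("json-lib", "1.2.0"): [],
}

# Constructed sample advisory with a hypothetical identifier: the affected
# package and the half-open version range [introduced, fixed).
SAMPLE_ADVISORY = {
    "id": "EXAMPLE-2021-0001",
    "package": "logger",
    "introduced": "2.0.0",
    "fixed": "2.15.0",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple ("2.14.1" -> (2, 14, 1))."""
    return tuple(int(part) for part in version.split("."))


def is_affected(pkg: str, version: str, advisory: dict) -> bool:
    """True if pkg@version falls inside the advisory's affected range."""
    if pkg != advisory["package"]:
        return False
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def vulnerable_paths(graph: Dict[Node, List[Node]], root: Node, advisory: dict) -> List[List[Node]]:
    """Breadth-first search from root, returning every simple dependency chain
    that ends at a package/version the advisory covers."""
    found: List[List[Node]] = []
    queue = deque([[root]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if is_affected(node[0], node[1], advisory):
            found.append(path)
            continue  # nothing below the vulnerable node matters for this check
        for dep in graph.get(node, []):
            if dep not in path:  # skip cycles, which real ecosystems do contain
                queue.append(path + [dep])
    return found


def affected_direct_deps(graph: Dict[Node, List[Node]], root: Node, advisory: dict) -> List[str]:
    """Names of root's direct dependencies through which the vulnerable package
    is reachable: these are the ones to bump, pin or replace."""
    return sorted({path[1][0] for path in vulnerable_paths(graph, root, advisory) if len(path) > 1})


def format_path(path: List[Node]) -> str:
    """Render a chain as 'name@version -> name@version -> ...'."""
    return " -> ".join(f"{name}@{version}" for name, version in path)


if __name__ == "__main__":
    root = ("myapp", "1.0.0")
    for chain in vulnerable_paths(SAMPLE_GRAPH, root, SAMPLE_ADVISORY):
        print(f"{SAMPLE_ADVISORY['id']} reachable via: {format_path(chain)}")
    print("direct dependencies to update:", affected_direct_deps(SAMPLE_GRAPH, root, SAMPLE_ADVISORY))
```

Enumerating every simple path is what you want when the question is "which of my direct dependencies pull this in", since each chain points at a different fix; if all you need is a yes/no reachability answer on a large graph, switch to a visited set instead of the `dep not in path` test, because the number of simple paths can grow quickly in ecosystems with deep, shared dependency trees.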

The development comes as security and trust in the open source software ecosystem have been increasingly thrown into question in the aftermath of a string of supply chain attacks designed to compromise developer workflows.

In December 2021, a critical flaw in the ubiquitous open source Log4j logging library (Log4Shell, CVE-2021-44228) left organizations worldwide scrambling to patch their systems against potential abuse.

The announcement also comes less than two weeks after the Open Source Security Foundation (OpenSSF) announced what’s called the Package Analysis project to carry out dynamic analysis of all packages uploaded to popular open source repositories.


Related news


Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.