Google said on January 13 (local time) that the public and private sectors need to protect open source software. The statement was made at the open source software security summit held at the White House, following the vulnerability found in the open source library Log4j, which has been a major topic since December 2021.
Google pointed out that, for the open source software used in important infrastructure and national security systems, most of the security work is done by volunteers. Open source software is generally used on the premise that its code is widely published, that it is transparent, and that many eyes are watching it. However, while some projects are watched, others are not looked at at all.
In fact, Log4j, a logging library used in Steam, iCloud, Amazon, Twitter, Minecraft, and others, reportedly had only three maintainers on GitHub.
"Given the importance of digital infrastructure in our lives, it may be time to think of it in the same way as physical infrastructure. Open source software is an organization that connects many parts of the online world. We need to pay attention to roads and bridges and provide funds," he said, calling on the industry and the government to support important open source projects.
There is already the Open Source Security Foundation (OpenSSF), which sets priorities for open source security and supports work on vulnerabilities, and Google has spent $100 million to support organizations like this.
Source: Google