More+
2 min (s) to read

Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google

Google Calls for Govt Help to Secure Critical Open-Source Software

IANS
IANS
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.
Gray And White Google Building | Image credit: hk/Unsplash

Join the Opinion Leaders Network

Join the Techgenyz Opinion Leaders Network today and become part of a vibrant community of change-makers. Together, we can create a brighter future by shaping opinions, driving conversations, and transforming ideas into reality.

Join Now

Google has called for a public-private partnership to identify a list of critical open source projects and find new ways of identifying software that might pose a systemic risk as the world grapples with the recent log4j open-source software vulnerability that has put millions of devices at hacking risk.

Following a summit on open-source security hosted at the White House on Thursday, Google said the collaboration between government and the private sector was needed for open-source funding and management.

“We need a public-private partnership to identify a list of critical open source projects — with criticality determined based on the influence and importance of a project — to help prioritise and allocate resources for the most essential security assessments and improvements,” said Kent Walker, president for global affairs and chief legal officer at Google and Alphabet.

Open-source software code is available to the public, free for anyone to use, modify, or inspect.

Since it is freely available, open-source facilitates collaborative innovation and the development of new technologies to help solve shared problems.

“That’s why many aspects of critical infrastructure and national security systems incorporate it. But there’s no official resource allocation and few formal requirements or standards for maintaining the security of that critical code,” said Google.

In fact, most of the work to maintain and enhance open source security, including fixing known vulnerabilities, is done on an ad hoc, volunteer basis.

“Longer term, we need new ways of identifying software that might pose a systemic risk — based on how it will be integrated into critical projects — so that we can anticipate the level of security required and provide appropriate resourcing,” Google noted.

The ‘Log4j’ vulnerabilities represent a complex and high-risk situation for companies across the globe.

This open-source component is widely used across many suppliers’ software and services.

“Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities,” according to Microsoft.

Cybercriminals are making thousands of attempts to exploit a second vulnerability involving a Java logging system called ‘Apache log4j2’.

Google recently said that more than 35,000 Java packages, amounting to over 8 percent of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed vulnerabilities with widespread fallout across the software industry.

The Apache Software Foundation has released several updates in the wake of the widespread ‘Log4Shell’ vulnerability in Log4j version 2 branch.

Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Know More
Join 10,000+ Fellow Readers

Get Techgenyz’s roundup delivered to your inbox curated with the most important for you that keeps you updated about the future tech, mobile, space, gaming, business and more.

Recomended

Find Apps

The Ultimate Hub for Discovering Apps Unlock a world of apps: your ultimate hub for exploring and discovering limitless possibilities for on your every needs.

Explore

Power Your Business

Solutions you need to super charge your business and drive growth

See All
tg Aff Semrush

Semrush

Beat your competitor's SEO and PPC strategy with the world's leading competitive intelligence software for digital marketing—a complete workflow and all-in-one marketing toolkit for digital marketing professionals.
Beat your competitor's SEO and PPC strategy with the world's...
Get it for free
tg Aff OptinMonster

OptinMonster

Instantly boost leads and grow revenue with the #1 most powerful conversion optimization toolkit in the world. 700,000+ websites are using OptinMonster to turn their traffic into leads, subscribers, and sales.
Instantly boost leads and grow revenue with the #1 most powe...
Get it for free
tg Aff WP Engine

WP Engine

WP Engine drives your business forward faster with the first and only WordPress Digital Experience Platform with the best WordPress hosting. Hosting fast, reliable, and secure WordPress sites.
WP Engine drives your business forward faster with the first...
Get it for free
Tidio Logo Square

Tidio

Solve up to 70% of customer problems with conversational AI using Tidio. Get started free, turn conversations into sales opportunities with Live Chat and Chatbots, and provide hands-on support.
Solve up to 70% of customer problems with conversational AI ...
Get it for free

More from this topic