Google bankrolls new push to improve security of critical open source projects

Google has provided significant financial support to the Open Source Technology Improvement Fund (OSTIF) as part of its larger push to support securing open source software.

Following President Biden’s cybersecurity meeting last month, Kent Walker, SVP of Global Affairs, wrote about the company’s $100 million pledge to support third-party foundations such as OpenSSF that manage open source security priorities and help fix vulnerabilities.

The support for OSTIF, which will cover eight major projects, is part of that commitment, explains Kaylin Trychon of the Google Open Source Security Team.

“Google’s support will allow OSTIF to launch the Managed Audit Program (MAP), which will expand in-depth security reviews to critical projects vital to the open source ecosystem,” wrote Trychon.

More bang for the buck

The OSTIF came into being in May 2015 and describes itself as a corporate non-profit organization that helps secure open source supply chains by helping solicit funds for noteworthy open source projects.

For MAP, OSTIF identified 25 critical projects, which were further prioritized to identify the eight that will receive support from Google. 

Running through the list of the eight selected projects, which include libraries, frameworks, and apps, Trychon says they were selected because improving their security would make the largest impact on the open source ecosystem.

The eight projects include the popular version control software Git, the JavaScript utility library Lodash, and the PHP web application framework Laravel, along with five other Java-related projects.

The tie-up with OSTIF is Google’s latest sponsorship for helping secure open source software and follows its financial backing for a couple of Linux kernel developers to work on security issues exclusively, in addition to its role in security initiatives such as the OpenSSF.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.