Google has provided significant financial support to the Open Source Technology Improvement Fund (OSTIF) as part of its larger push to support securing open source software (opens in new tab).
Following President Biden’s cybersecurity meeting (opens in new tab) last month, Kent Walker, SVP of Global Affairs wrote (opens in new tab) about the company’s $100 million pledge to support third-party foundations such as OpenSSF (opens in new tab) that manage open source security priorities and help fix vulnerabilities.
The support for OSTIF, which will cover eight major projects, is part of that commitment explains (opens in new tab) Kaylin Trychon, from Google Open Source Security Team.
- Protect your devices with these best antivirus software (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- These are the best ransomware protection tools (opens in new tab)
“Google’s support will allow OSTIF to launch the Managed Audit Program (MAP), which will expand in-depth security reviews to critical projects vital to the open source ecosystem,” wrote Trychon.
More bang for the buck
The OSTIF came into being in May, 2015 and describes itself as a corporate non-profit organization that helps secure open source supply chains by helping solicit funds for noteworthy open source projects.
For MAP, OSTIF identified 25 critical projects, which were further prioritized to identify the eight that will receive support from Google.
Running through the list of the eight selected projects, which include libraries, frameworks, and apps, Trychon says they were selected because improving their security would make the largest impact on the open source ecosystem.
The tie-up with OSTIF is Google’s latest sponsorship for helping secure open source software and follows its financial backing for a couple of Linux kernel developers (opens in new tab) to work on security issues exclusively, in addition to its role in security initiatives such as the OpenSSF.
- We've put together a list of the best endpoint protection (opens in new tab) software