Google has launched an open source maintenance crew

At the White House Open Source Security Summit, Google met with the Open Source Security Foundation (OpenSSF), the Linux Foundation, and other industry leaders to discuss open source security initiatives, and announced the formation of an Open Source Maintenance Crew.

The maintenance crew is a team of developers who will work to ensure the security of upstream open source projects, from tightening configurations to updating them.

Both have the potential to reduce problems that put enterprises at risk and to improve the overall security of the software supply chain.

Google is aiming to secure the supply chain of software.

Concerns over open source vulnerabilities have risen, mainly following a spate of Log4j breaches, and more broadly as supply chain attacks on open source software components rose 650% in 2021.

It comes just weeks after Chainguard, a company founded by former Google engineers, launched a new software supply chain security tool for Kubernetes.

Private corporations such as Google and Chainguard need to assist underfunded and understaffed open source projects if significant security improvements are to be achieved.

The problem of securing open source software is not just about money; it is about the number of people involved in these critical open source projects and how much time they can spend on them, according to Google's Principal Engineer.

Even with more funding, we need the ability to direct that money to the appropriate goals. This is a people problem as well as a money problem. Google contacted the Open Source Maintenance Crew to demonstrate that an organization like OpenSSF can administer the group and serve as a matchmaker for important projects, according to Arya.

In practice, Arya says that the maintenance crew will be tasked with tightening security configurations, such as bolstering dependencies, adding automated dependency updates to safeguard against common supply chain attacks, and strengthening the ability of the OpenSSF Security Incident Response team to assist in emergency situations.

A look at the evolution of the open-source services industry.

One of the major factors behind the growth of open source security initiatives is that the open source services sector is expanding, with researchers anticipating that the market will reach a value of $50 billion by 2026, at a compound annual growth rate of 18.2%.

Several private companies have raised substantial funds for software supply chains in the past few weeks.

Socket announced that it has raised $4.6 million to audit open source code, locate malicious dependencies, and secure the JavaScript supply chain.

Phylum, a software supply chain security company, announced last week that it had raised $15 million in Series A funding and offered a solution that included risk scores for open source software packages.

Companies like Google, Chainguard, Socket, and Phylum have made a concerted effort to ensure that their organizations can trust the open source components they use throughout the supply chain.