Google wants to work with government to secure open-source software

“It deserves the same focus and funding we give to our roads and bridges.”


Google has called on the US government to take a more proactive role in identifying and protecting open-source projects that are critical to internet security. In a blog post the company published following the White House’s Log4j vulnerability summit on Thursday, Kent Walker, president of global affairs and chief legal officer at Google and Alphabet, said the country needs a public-private partnership that will work to properly fund and staff the most essential open-source projects.

“For too long, the software community has taken comfort in the assumption that open source software is generally secure due to its transparency and the assumption that ‘many eyes’ were watching to detect and resolve problems,” he said. “But in fact, while some projects do have many eyes on them, others have few or none at all.”

According to Walker, the partnership would look at the influence and importance of a project to determine how critical it is to the wider ecosystem. Looking to the future, he says the industry needs new ways to identify software that may, down the line, pose a systemic risk to internet security.


Walker said there’s also a need for more public and private funding, noting Google is ready to contribute to an organization that matches volunteers from companies like itself to critical projects that need the most support. “Open source software is a connective tissue for much of the online world — it deserves the same focus and funding we give to our roads and bridges,” he said.

The importance of open-source software has been the subject of much discussion following the discovery of the Log4Shell vulnerability. Log4j happens to be one of the most popular and widely used logging libraries, with services like Steam and iCloud depending on it. Security researcher Marcus Hutchins, who helped stop the spread of WannaCry, called the vulnerability “extremely bad” as it left millions of applications open to attack.
