Google backs open-source security push

 

Gallery

Posted on 7 May 2008 at 10:55

Google has thrown its weight behind Ocert, a volunteer organisation dedicated to tackling security issues in open-source software.

Ocert, or open-source Computer Emergency Response Team, was formed in March and aims to become a repository of patches and bug-fixes for open-source software, ensuring information continues to flow between the community developing the code and the larger vendors distributing it.

According to its own example, small teams which develop crucial bits of code that subsequently turn up in larger applications may not have the means of informing the companies utilising it of the latest bug-fixes. Instead Ocert envisages these coders relaying the information to its website, allowing the site to issue advisories. Open-source distros can then work with Ocert to ensure all the security flaws are plugged.

As one would expect with open-source, Ocert is a volunteer effort with its operating costs covered by corporate sponsors such as Google, which explained why it's backing the effort on its blog.

"[Ocert] will strive to contact software authors with all security reports and aid in debugging and patching, especially in cases where the author, or the reporter, doesn't have a background in security," says the blog.

"Reliable contacts for projects, publishers, and vendors will be maintained where possible and used for notification when issues arise and fixes are available for mediated issues.

"Additionally, Ocert will aid projects of any size with responses to security incidents, such as server compromises. It is our hope that this initiative will not only aid in remediating security issues in a timely fashion, but also provide a means for additional security contributions to the open source community."

Author: Stuart Turton