The ever-growing importance of open source projects means it is time for new security standards, according to Google. To this end, the Internet giant wants to work with the government.
Google wants to work with the government to create new standards for open source projects. The company notes that more and more software relies on open source components. Some components are indispensable and are widely integrated. In light of the Log4j debacle, Google wants to identify critical open source projects and subject them to new standards.
After a consultation with the U.S. White House, Google proposes to develop such baseline standards together with the government. These would cover security, maintenance and testing. Government assistance should complement the transparency of the projects themselves, further reducing the chance that a flaw slips through and affects critical infrastructure.
Investing together
Google is calling for more investment, from both the public and private sectors, to maintain key open source projects. That is especially appropriate where the public sector itself relies on open source.
Google’s advice is aimed primarily at the US, but it is relevant to our country as well. After all, Belgian defense was a major victim of the Log4Shell vulnerability in Log4j, with significant consequences. It is not unreasonable to ask governments that rely on open source to make an extra effort to help support important projects.