Wednesday, August 11, 2021

Google's Allstar aims to fix vulnerabilities in open source projects

Given that I am almost exclusively relying on free, open source software for my daily work etc., I welcome this initiative!

Finally, let the hackers from Russia, China, North Korea, Iran etc. gnash their teeth! High time these many, dangerous open source software vulnerabilities are taken more seriously! 

How important is this news? "Security gaps increasingly plague large open source projects. The number of open source software vulnerabilities more than doubled in 2019 compared with 2018, according to RiskSense. The implications are far-reaching, considering that an estimated 91% of commercial applications contain outdated or abandoned open source components. ..." (VentureBeat Daily RoundUP newsletter 8/11/2021)

"GitHub [owned by Microsoft] and Google today announced the launch of Allstar, an app that provides automated continuous enforcement of security best practices for GitHub projects. Allstar, which was created by Google and the wider Open Source Security Foundation (OpenSSF), can check for security policy adherence, set enforcement actions, and enact those enforcements when triggered by a setting or file change in a repository. ..."

OpenSSF's Allstar aims to fix vulnerabilities in open source projects | VentureBeat
