Google calls for govt help to secure critical open-source software

18

Washington, Jan 14 | Google has called for a public-private partnership to identify a list of critical open source projects and find new ways of identifying software that might pose a systemic risk, as the world grapples with the recent log4j open source software vulnerability that has put millions of devices at hacking risk.

Following a summit on open-source security hosted at the White House on Thursday, Google said the collaboration between government and the private sector was needed for open-source funding and management.

“We need a public-private partnership to identify a list of critical open source projects — with criticality determined based on the influence and importance of a project — to help prioritise and allocate resources for the most essential security assessments and improvements,” said Kent Walker, president for global affairs and chief legal officer at Google and Alphabet.

Open source software code is available to the public, free for anyone to use, modify, or inspect.

Since it is freely available, open source facilitates collaborative innovation and the development of new technologies to help solve shared problems.

“That’s why many aspects of critical infrastructure and national security systems incorporate it. But there’s no official resource allocation and few formal requirements or standards for maintaining the security of that critical code,” said Google.

In fact, most of the work to maintain and enhance the security of open source, including fixing known vulnerabilities, is done on an ad hoc, volunteer basis.

“Longer term, we need new ways of identifying software that might pose a systemic risk — based on how it will be integrated into critical projects — so that we can anticipate the level of security required and provide appropriate resourcing,” Google noted.

The ‘Log4j’ vulnerabilities represent a complex and high-risk situation for companies across the globe.

This open-source component is widely used across many suppliers’ software and services.

“Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities,” according to Microsoft.

Cyber criminals are making thousands of attempts to exploit a second vulnerability involving a Java logging system called ‘Apache log4j2’.

Google recently said that more than 35,000 Java packages, amounting to over 8 per cent of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed vulnerabilities with widespread fallout across the software industry.

The Apache Software Foundation has released several updates in the wake of the widespread ‘Log4Shell’ vulnerability in Log4j version 2 branch.

Source: IANS

Next Story

Go Unique Brings Attractive Blouse Designs - gounique.in

Go Unique Brings Attractive Blouse Designs - gounique.in

Go Unique brings attractive blouse designs that make you feel gorgeous and charming.

Celebrate the beautiful you and win everyone’s heart on your wedding day with Go Unique’s exclusive bridal blouse collection.

Saree defines the tradition and culture of Indian women. It narrates the story of the evolution of rich Indian culture from the ages of royal kings to the new digital India. Go Unique was launched with a vision to take this rich fashion heritage of India forward.

True to our name, we design unique blouse patterns that are traditional yet elegant and marvellous. We have a wide collection of exquisite blouse patterns ranging from zari work, embroidery, aari work, mirror work, brocade blouses, embellished patterns and maggam work.

The model wearing our dazzling aari work cotton silk blouse is just a glimpse of our fine bridal collection. Our unique and creative designs are one in a million pieces that is impossible to find anywhere else. From animal motifs, jewellery embroidery, beads, pearls to designer boutique blouses, you get appealing blouses that make you look graceful. Celebrate your day with our finely detailed and rich quality royal blouses and create moments for eternity.

Avirup Majumder and Sreya Kar envisioned the idea to launch a brand that especially tends to the fashion needs of women. Go Unique is based in the lovely city of Kolkata, West Bengal. We understand your fashion sense and design blouses that you can wear confidently making the heads turn as you walk in everywhere.

Be it traditional, bridal, Indo-western, designer, contemporary or semi-traditional, at Go Unique you will get the perfect blouse to pair with your saree. We have a dedicated team of fashion enthusiasts that go one step beyond to come up with out of the box designs to steal your hearts. Go Unique is the sole designer and manufacturer of enticing blouses that is an art piece on its own.

Being a fashion store that focuses on redefining the blouse designs in India, we are committed to our ethics. We value our customers and honour their trust in us. Go Unique uses high-quality fabric, precious threads, stones, beads and pearls for detailing to offer you premium blouses that you have been looking for.

Go Unique celebrates the beautiful Indian culture and the women. It is the one-stop destination for trendy latest and unique blouses for ethnic fashion lovers.

LEAVE A REPLY

Please enter your comment!
Please enter your name here