Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.
The announcement, which follows Google’s $100 million pledge to open source security projects, will help OSTIF launch its Managed Audit Program (MAP), meant to review the security of projects critical to the open source environment.
A total of eight projects will benefit from Google’s contribution, including Git, the version control software in modern DevOps, considered the second-most critical application in C; Lodash, a JavaScript utility library that has more than 200 functions to help web development; and Laravel, a PHP web application framework used in full-stack web applications.
The remaining projects include Slf4j, a logging facade for Java logging frameworks; Jackson-core & Jackson-databind, which are considered the most-used non-JavaScript packages; and Httpcomponents-core & Httpcomponents-client, which are the core and client components of Apache httpcomponents.
“This marks a major success in bringing on large corporate donors to support OSTIF’s model of improving open source software through security reviews and source code audits. A focused, well-scoped review by an experienced team can drive significant and long-lasting improvements in widely used projects,” according to an OSTIF statement.
OSTIF said the Managed Audit Program will help expand security reviews to more projects vital to the open source ecosystem. Improvements brought to the selected eight libraries, frameworks, and apps are expected to have a great overall impact on the open source ecosystem relying on them.
