Google recently called on the US government to “take a more active role” in identifying and protecting open source projects, which in turn are critical to the safety of everyone who uses the Internet. In a blog post published by the company following the Log4j vulnerability summit at the White House on Thursday, Kent Walker, president of international affairs and general counsel for Google and Alphabet, said: “What the country needs is a public-private partnership that will work to properly fund and staff the most important open source projects.”
In the same statement, he added: “For too long, the software community has taken comfort in the assumption that open source software is generally safe due to its transparency and the assumption that ‘many eyes’ are watching the discovery and problem solving. However, in reality, while some projects are indeed paid attention to by many, others receive either an extremely small amount of effort or none at all.” According to Walker, the proposed partnership would assess the impact and importance of each individual project in order to determine how critical it is to the wider ecosystem.
Looking ahead, he says the industry needs new ways to identify software that could pose a systemic risk to Internet security. Walker said there is a need for more public and private funding, noting that Google is ready to contribute to an organization that would recruit volunteers from companies like itself to support the critical projects that need it most. “Open source software is the connective tissue for much of the online world—it deserves the same attention and funding that we give to our roads and bridges,” he said.
The importance of open source software has been the subject of much discussion since the recent discovery of the highly dangerous and widespread Log4Shell vulnerability. Log4j, for those unfamiliar with it, is one of the most popular and widely used logging libraries in the world; services such as Steam and iCloud depend on it. Security researcher Marcus Hutchins, who helped stop the spread of WannaCry, called the vulnerability “extremely dangerous” because it left millions of applications open to attack.