Google just gave open source software a big boost with the introduction of dedicated security and support teams.
The “Open Source Maintenance Crew” will be a new team of developers working on security issues related to open source projects, such as configuring updates.
The announcement came at the Open Source Security Summit at the White House, where Google joined the Open Source Security Foundation (OpenSSF) and the Linux Foundation to discuss issues surrounding open source security.
Why the move?
Back in December 2021, White House National Security Advisor Jake Sullivan sent a letter to CEOs of US tech companies after the Log4Shell vulnerability was identified in Apache’s popular open-source Java logging framework, Log4j.
The vulnerability was used to install malware, mine cryptocurrency, add devices to the Mirai and Muhstik botnets, drop Cobalt Strike beacons, search for information, or move laterally throughout the affected network, as a