Google is lending its security expertise to the open-source community to help plug security holes with its oCERT team. While much remains to be seen as to how successfully or actively oCERT will operate, it’s a welcome addition to the open-source world by Google.
oCERT, short for the open-source computer emergency response team, will aim to remediate security vulnerabilities and exploits in a wide range of open-source programs by coordinating communication among publishers. According to Google’s security blog, the group “will strive to contact software authors with all security reports and aid in debugging and patching, especially in cases where the author, or the reporter, doesn’t have a background in security.”
Now if we could just get Google to contribute back all of its modifications to these projects…
I assume that oCERT will focus on community, as opposed to company-maintained projects, which perhaps limits its utility. But then, it would be unrealistic to expect Google to take on the full burden of open-source security. By lending some expertise to projects that may lack security prowess, Google is doing the open-source world a favor.
commentary