Google launches CERT for open source

Summary:Google on Tuesday detailed plans for oCERT, a volunteer workforce that will remediate security issues in open source applications.The move makes a ton of sense.

Google on Tuesday detailed plans for oCERT, a volunteer workforce that will remediate security issues in open source applications.

ocert.png
The move makes a ton of sense. Community driven software can have bugs and plenty of folks to find these vulnerabilities. The problem: There's no central group to actually fix these flaws.

In Google's security blog, Will Drewry said:

I'm proud to announce that Google has sponsored participation in oCERT, the open source computer emergency response team. oCERT is a volunteer workforce of security professionals from the open source community with the goal of providing security vulnerability mediation and incident response services to open source projects. It will strive to contact software authors with all security reports and aid in debugging and patching, especially in cases where the author, or the reporter, doesn't have a background in security. Reliable contacts for projects, publishers, and vendors will be maintained where possible and used for notification when issues arise and fixes are available for mediated issues. Additionally, oCERT will aid projects of any size with responses to security incidents, such as server compromises.

What oCERT does is give corporations a one-stop open source security repository. That'll come in handy when navigating the patch cycle. Dana Blankenhorn notes that "Google’s backing of oCERT is a major milestone in the history of open source."

Topics: Google, Open Source, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.