Google launches CERT for open source

Google launches CERT for open source

Summary: Google on Tuesday detailed plans for oCERT, a volunteer workforce that will remediate security issues in open source applications.The move makes a ton of sense.

SHARE:

Google on Tuesday detailed plans for oCERT, a volunteer workforce that will remediate security issues in open source applications.

ocert.pngThe move makes a ton of sense. Community driven software can have bugs and plenty of folks to find these vulnerabilities. The problem: There's no central group to actually fix these flaws.

In Google's security blog, Will Drewry said:

I'm proud to announce that Google has sponsored participation in oCERT, the open source computer emergency response team. oCERT is a volunteer workforce of security professionals from the open source community with the goal of providing security vulnerability mediation and incident response services to open source projects. It will strive to contact software authors with all security reports and aid in debugging and patching, especially in cases where the author, or the reporter, doesn't have a background in security. Reliable contacts for projects, publishers, and vendors will be maintained where possible and used for notification when issues arise and fixes are available for mediated issues. Additionally, oCERT will aid projects of any size with responses to security incidents, such as server compromises.

What oCERT does is give corporations a one-stop open source security repository. That'll come in handy when navigating the patch cycle. Dana Blankenhorn notes that "Google’s backing of oCERT is a major milestone in the history of open source."

Topics: Google, Open Source, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Google and FOSS

    Let's kill off MS, then we can all continue doing useful stuff without worrying about a knife in our back.
    fr0thy2
    • ...wonder what the AGPL folk are saying...

      I'm not saying Google is god or nothing...they are still a company. But it aggravates me when people get mad about Google's heavy use and modification of Apache and Linux without releasing the changes as if is the only way to support FOSS. I can already see how an oCERT site would help me on the job when pushing got open solutions. It could definitely ease some fears.
      storm14k
  • RE: Google launches CERT for open source

    Great move... makes complete sense.
    Gabriel Kent
  • RE: Google launches CERT for open source

    Google didn't actually launch anything. oCERT was founded by Inverse Path, Google are a sponsor.
    robholland