Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects
On Thursday, Google announced the creation of a new “Open Source Maintenance Crew” to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed to Open Source Insights as a tool for analyzing packages and their dependency graphs, which can be used to determine “whether a vulnerability in a dependency might affect your code.”
“With this information, developers can understand how their software is put together and the consequences to changes in their dependencies,” the company said.
The development comes as security and trust in the open source software ecosystem have increasingly been called into question in the aftermath of a string of supply chain attacks designed to compromise developer workflows.
Read the full article here – https://thehackernews.com/2022/05/google-created-open-source-maintenance.html