Google releases new open-source security software program


Google releases new open-source security software program

According to the Synopsys Cybersecurity Research Center (CyRC) 2021 “Open Source Security and Risk Analysis” (OSSRA) report, 95% of all commercial programs include open source software. According to the number of CyRCs, most of that code contains old or insecure code. But how can you determine which libraries and other components are safe without digging deep into your code? Google and the Open Source Security Foundation (OSSF) have a quick and easy answer, the OpenSSF Security Scorecard.


As per Texasnewstoday, these scorecards are based on an automated set of pass / fail checks and provide a quick review of many open source software projects. Scorecard projects are automated security tools that generate “risk scores” for open source programs.


This is important because only some organizations have implemented systems and processes to check for new open source dependencies on security issues. However, even with Google, using all of its resources makes this process tedious, manual, and error-prone. To make matters worse, many of these projects and developers are resource-constrained. result? Security often has a lower priority in the task list. This makes critical projects vulnerable to exploits without following proper security best practices.


The Scorecard project hopes that the release of Scorecard v2 will facilitate security checks and facilitate security implementation. This includes making new security checks, scaling up the number of projects to be scored, and making this data easily accessible for analysis.


For developers, scorecards help reduce the effort and manual effort required to continuously evaluate package changes as they maintain the project’s supply chain. Consumers can automatically access risk to make informed decisions about program acceptance, look for alternative solutions, and work with maintainers to make improvements.


Copyright @1999-2022 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : |