Google bankrolls new push to improve security of critical open source projects

Google continues to pump money to help secure open source software


Google has provided significant financial support to the Open Source Technology Improvement Fund (OSTIF) as part of its larger push to support securing open source software.

Following President Biden’s cybersecurity meeting last month, Kent Walker, SVP of Global Affairs, wrote about the company’s $100 million pledge to support third-party foundations such as OpenSSF that manage open source security priorities and help fix vulnerabilities.

The support for OSTIF, which will cover eight major projects, is part of that commitment, explains Kaylin Trychon, from the Google Open Source Security Team.

“Google’s support will allow OSTIF to launch the Managed Audit Program (MAP), which will expand in-depth security reviews to critical projects vital to the open source ecosystem,” wrote Trychon.

More bang for the buck


The OSTIF came into being in May, 2015 and describes itself as a corporate non-profit organization that helps secure open source supply chains by helping solicit funds for noteworthy open source projects.

For MAP, OSTIF identified 25 critical projects, which were further prioritized to identify the eight that will receive support from Google.

Running through the list of the eight selected projects, which include libraries, frameworks, and apps, Trychon says they were selected because improving their security would make the largest impact on the open source ecosystem.


These eight projects include the popular version control software, Git, a JavaScript utility library, Lodash, and a PHP web application framework, Laravel, along with five other Java-related projects.

The tie-up with OSTIF is Google’s latest sponsorship for helping secure open source software and follows its financial backing for a couple of Linux kernel developers to work on security issues exclusively, in addition to its role in security initiatives such as the OpenSSF.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
