Google: Embrace, Control, and Sell Advertising?
May 25, 2022
Google claims to support open source technology and contributes some of its code libraries and projects, except for the black box search algorithm, to the public. The Verge shares Google’s new open source initiative in the article, “Google Will Start Distributing A Security-Vetted Collection Of Open-Source Software Libraries.” Google wants to add its branding and stamp of approval to open source software.
Google wants to control its portion of the open source community by curating and distributing security-vetted software to Google Cloud customers. The new initiative is called Assured Open Source Software. Andy Chang is a Google Cloud Group Product Manager for Security and Privacy, and he said there were challenges in securing open source software:
“ ‘There has been an increasing awareness in the developer community, enterprises, and governments of software supply chain risks,’ Chang wrote, citing last year’s major log4j vulnerability as an example. ‘Google continues to be one of the largest maintainers, contributors, and users of open source and is deeply involved in helping make the open source software ecosystem more secure.’”
The Assured Open Source Software will allow Google Cloud customers to use the same software auditing process as Alphabet Inc. The open source packages are the same ones the company uses and are managed by regular scanning and vulnerability analysis. Currently, there are 550 libraries that Google monitors on GitHub, and they can be downloaded independently of Google. These same libraries will be available via Google Cloud later in 2022.
Google’s Assured Open Source Software is an industry-wide pull to secure the open source software supply chain. The Biden administration supports the endeavor.
Open source does need to be secure, but is putting a tech giant, notorious for collecting and selling user data, in charge the right way to go? Sure it is; it is Google approved!
Whitney Grace May 25, 2022