Google plugs open-source security holes with oCERT
Google is lending its security expertise to the open-source community to help plug security holes with its oCERT team. While much remains to be seen as to how successfully or actively oCERT will operate, it's a welcome addition to the open-source world by Google.
oCERT, short for the open-source computer emergency response team, will aim to remediate security vulnerabilities and exploits in a wide range of open-source programs by coordinating communication among publishers. According to Google's security blog, the group "will strive to contact software authors with all security reports and aid in debugging and patching, especially in cases where the author, or the reporter, doesn't have a background in security."
I assume that oCERT will focus on community, as opposed to company-maintained projects, which perhaps limits its utility. But then, it would be unrealistic to expect Google to take on the full burden of open-source security. By lending some expertise to projects that may lack security prowess, Google is doing the open-source world a favor.
Now if we could just get Google to contribute back all of its modifications to these projects...
Matt Asay is general manager of the Americas and vice president of business development at Alfresco, and has nearly a decade of operational experience with commercial open source and regularly speaks and publishes on open-source business strategy. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.
