News

Google Backs Open-source CERT Group

Google is now one of three sponsors of oCERT, a clearinghouse for data on security vulnerabilities in open-source products.

By Robert McMillan, IDG News Service (San Francisco Bureau)

May 06, 2008 —

Google has thrown its weight behind a fledgling security reporting group for the open-source community.

The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team.

Launched in late March, oCERT aims to be a clearinghouse for data on security vulnerabilities in open-source products, keeping open-source distributors on top of flaws and helping small software projects ensure that users of their code are aware of any issues.

OCERT has published four advisories since its inception. In addition to Google, it is sponsored by Inverse Path and the Open Source Lab.

There are already many national CERT efforts, which coordinate countrywide responses to security threats, but oCERT hopes to meet the unique requirements of the open-source community, where software is often re-used but patches are not always circulated to everyone who needs them.

"It is my hope that this initiative will not only aid in remediating security issues in a timely fashion, but also provide a means for additional security contributions to the open source community," wrote Google's Will Drewry in a Monday post to the company's security blog.

• Email
• Print
• Comments
• Digg This
• SlashDot

• Google Gears Comes Out for Mobile
• Top 10 IT News Stories of the Week
• CIO's Most Popular 50 Articles