VS1 Cloud Blog

VS1 Cloud Blog

Google wants to ‘advance cybersecurity’ by fixing open-source and increasing training

27th Aug 2021 | Software

Google has committed $10 billion over the next five years to “advance cybersecurity” by fixing some of the key problems with open-source and offering more training.

The announcement follows Google’s participation in President Biden’s White House Cyber Security Meeting this week. Leading tech executives including Alphabet CEO Sundar Pichai put their heads together following an increasing prevalence and seriousness of cyberattacks.

Open-source is vital and speeds up development to match the modern pace of expected production. According to Synopsys’ 2021 Open Source Security and Risk Analysis (OSSRA) report, 98 percent of the audited codebases contained at least one open-source component and 75 percent of all codebases were composed of open-source. However, 84 percent of codebases had at least one vulnerability with an average of 158 per codebase. The average vulnerability found was 2.2 years old.

Some of the vulnerabilities are accidental, while others purposefully take advantage of the software supply chain – as seen with that whole SolarWinds incident – to introduce vulnerabilities. There are clear problems with open-source that need addressing.

Organisations that do the noble work of helping to fix vulnerabilities in open-source are being provided $100 million from Google’s coffers. That includes the Open Source Security Foundation (OpenSSF), which Google previously worked alongside to create best practices on how to secure supply chains.

Google says that it’s one of the pioneers in zero-trust computing whereby no person, device, or network is given inherent trust. As with anywhere else in life, trust must be earned. Google is encouraging organisations and the federal government to adopt zero-trust computing and modernise their legacy infrastructures.

Finally, Google will also be helping to boost the number of cybersecurity professionals by helping “100,000 Americans earn Google Career Certificates in fields like IT Support and Data Analytics to learn in-demand skills including data privacy and security.”

By: Ryan Daws