Google launches a small team specializing in updating critical free software


Google announces the establishment of an internal team of engineers whose mission will be to help properly maintain free software deemed critical.

In the future, Google will mobilize some of its engineers to contribute to the proper development of certain software critical to the web and IT. The American company said so in a blog post published on May 12, four months after a crucial meeting on open source in the United States that brought together the White House and tech industry officials.

“One of the problems frequently cited by free software contributors is lack of time. As insufficiently updated critical open source components pose a security risk, Google is setting up a dedicated team,” say Eric Brewer, the vice-president of infrastructure at Google, in charge of the cloud, and Abhishek Arya, chief engineer.

Securing open source also benefits Google, as the company relies on it for its own products and services. // Source: Google

This group, called the Open Source Maintenance Crew, will bring together several specialists from the company, who will provide technical support to the people who maintain, as best they can, projects that are essential to the proper functioning of whole sections of the digital ecosystem.

The initiative announced in mid-May by the Mountain View firm is part of its growing effort to contribute to open source. The internet giant is also quick to recall some of its contributions to software, particularly in financial terms. The creation of a specialized team is one more step in a movement that is already a few years old.

Securing open source worries the White House

It is also testimony to the decisive importance of certain technological building blocks for a company like Google. The group, like many others in Silicon Valley and elsewhere, takes full advantage of the open source ecosystem and free software to build its own services and products. It is, in a way, a fair return of the favor.

It’s not just out of altruism. There is also a more prosaic issue: securing its own ecosystem. It is in Google’s interest to support the proper functioning of open source, because in doing so Google indirectly supports the proper functioning of its own activities. The aim is to avoid a future problem that could appear without warning.

The challenge, summarized in one image. // Source: XKCD

The recent history of computing has no shortage of episodes caused by the insufficient maintenance of certain open source projects. We could cite the case of the very old flaw in OpenSSL, a widely used cryptography software library, or, more recently, the panic following the discovery of the Log4j flaw, the effects of which will be spread over years.

Moreover, the cascade of problems that arose from Log4j prompted a meeting at the White House at the beginning of the year. The Biden administration summoned executives from groups like Apple, Google, Amazon, Oracle (which is behind the Java language, on which Log4j is based), Meta (ex-Facebook), IBM and Microsoft to talk about this kind of peril and ways to mitigate it.

In addition to companies, Washington also brought together GitHub and the Linux Open Source Foundation, as well as several ministries (homeland security, energy, defense, commerce) and specialized agencies. Google's announcement of the Open Source Maintenance Crew appears to be an indirect consequence of that meeting at the beginning of the year on the cybersecurity of open source.


