Google backs open-source CERT group

May 5, 2008 —

Google has thrown its weight
behind a fledgling security reporting group for the open-source community.

The search engine giant, long a proponent of open-source software, is now one
of three sponsors of oCERT,
the Open Source Computer Emergency Response Team.

Launched in late March, oCERT aims to be a clearinghouse for data on security
vulnerabilities in open-source products, keeping open-source distributors on
top of flaws and helping small software projects ensure that users of their
code are aware of any issues.

OCERT has published four advisories since its inception. In addition to Google,
it is sponsored by Inverse
Path and the Open Source Lab.

There are already many national CERT efforts, which coordinate countrywide
responses to security threats, but oCERT hopes to meet the unique requirements
of the open-source community, where software is often re-used but patches are
not always circulated to everyone who needs them.

"It is my hope that this initiative will not only aid in remediating security
issues in a timely fashion, but also provide a means for additional security
contributions to the open source community," wrote Google's Will Drewry
in a Monday post
to the company's security blog.

IDG News Service