Developers: This is Google's new idea for keeping your open-source projects secure
2020-11-10 13:31

Scorecards provides an assessment of open-source packages, which developers can use to judge whether they are safe to introduce into their projects or systems.

Introducing unknown code into software can be risky, which is why Google is launching a new scorecard system to help developers assess the risk of open-source dependencies before adding them to their systems.

Scorecards is one of the first projects to have been released under the Open Source Security Foundation, established in August this year to unite leaders across industries to enhance open-source software security.

At the moment, developers and open-source projects in general are resource-limited, meaning security too often ends up as an afterthought, leaving the door open to risks of attack.

Lewandowski added: "Using the scorecard data, we want to build a culture of security through improved visibility. We want to work with the community and improve the security health of the critical projects we all depend on."


News URL

https://www.techrepublic.com/article/developers-this-is-googles-new-idea-for-keeping-your-open-source-projects-secure/#ftag=RSS56d97e7