Security News > 2021 > June > Google pushes bug databases to get on the same page for open-source security

Google on Thursday introduced a unified vulnerability schema for open source projects, continuing its current campaign to shore up the security of open source software.
The as-yet-unnamed vulnerability interchange schema aspires to bridge gaps that make it difficult to connect current, fragmented vulnerability databases by providing a common interchange format.
"With this schema we hope to define a format that all vulnerability databases can export," explained software engineer Oliver Chang, and principal engineer Russ Cox, in a blog post provided to The Register in advance of publication.
"A unified format means that vulnerability databases, open source users, and security researchers can easily share tooling and consume vulnerabilities across all of open source."
Google is trying to provide a more comprehensive view of vulnerabilities in open source than existing approaches and to promote faster remediation via automation - which is critical for responding to problems in a timely fashion.
Back in February, the tech giant released an Open Source Vulnerabilities database to allow developers to query vulnerabilities in the open source frameworks, libraries, and projects that they use.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/24/google_security_fix/
Related news
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Orbit: Open-source Nuclei security scanning and automation platform (source)
- Misconfig Mapper: Open-source tool to uncover security misconfigurations (source)
- OSPS Baseline: Practical security best practices for open source software projects (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- Hetty: Open-source HTTP toolkit for security research (source)
- Why The Modern Google Workspace Needs Unified Security (source)
- Google paid $12 million in bug bounties last year to security researchers (source)
- NetBird: Open-source network security (source)
- IntelMQ: Open-source tool for collecting and processing security feeds (source)