Security News > 2021 > June > Google pushes bug databases to get on the same page for open-source security

Google on Thursday introduced a unified vulnerability schema for open source projects, continuing its current campaign to shore up the security of open source software.

The as-yet-unnamed vulnerability interchange schema aspires to bridge gaps that make it difficult to connect current, fragmented vulnerability databases by providing a common interchange format.

"With this schema we hope to define a format that all vulnerability databases can export," explained software engineer Oliver Chang, and principal engineer Russ Cox, in a blog post provided to The Register in advance of publication.

"A unified format means that vulnerability databases, open source users, and security researchers can easily share tooling and consume vulnerabilities across all of open source."

Google is trying to provide a more comprehensive view of vulnerabilities in open source than existing approaches and to promote faster remediation via automation - which is critical for responding to problems in a timely fashion.

Back in February, the tech giant released an Open Source Vulnerabilities database to allow developers to query vulnerabilities in the open source frameworks, libraries, and projects that they use.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/24/google_security_fix/