Security News > 2021 > June > Google pushes bug databases to get on the same page for open-source security
Google on Thursday introduced a unified vulnerability schema for open source projects, continuing its current campaign to shore up the security of open source software.
The as-yet-unnamed vulnerability interchange schema aspires to bridge gaps that make it difficult to connect current, fragmented vulnerability databases by providing a common interchange format.
"With this schema we hope to define a format that all vulnerability databases can export," explained software engineer Oliver Chang, and principal engineer Russ Cox, in a blog post provided to The Register in advance of publication.
"A unified format means that vulnerability databases, open source users, and security researchers can easily share tooling and consume vulnerabilities across all of open source."
Google is trying to provide a more comprehensive view of vulnerabilities in open source than existing approaches and to promote faster remediation via automation - which is critical for responding to problems in a timely fashion.
Back in February, the tech giant released an Open Source Vulnerabilities database to allow developers to query vulnerabilities in the open source frameworks, libraries, and projects that they use.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/24/google_security_fix/
Related news
- Open source maintainers: Key to software health and security (source)
- NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed (source)
- Osmedeus: Open-source workflow engine for offensive security (source)
- Am I Isolated: Open-source container security benchmark (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Debunking myths about open-source security (source)
- AxoSyslog: Open-source scalable security data processor (source)