Tuesday, 17 May 2022

 

 

LATEST NEWS IPL 2022: Mitchell Marsh, Shardul Thakur, spinners carry Delhi Capitals into top four with 17-run win over Punjab Kings District Environment Committee meeting chaired by Deputy Commissioner Vishesh Sarangal Itna Pyaar Karunga: Babbu Maan Collaborates With Shipra Goyal For Upcoming Song Transport Minister Laljit Singh Bhullar Finds Irregularities In Timetable & Permits During Surprise Check At Bathinda Rta Office Jubin Nautiyal's latest track 'Mann Uda Uda Jaye' from 'Dear Dia' hits the speakers Urvashi Rautela to attend Cannes Film Fest for poster launch of Tamil film 'The Legend' Formula 1: Nyck de Vries to run in FP1 for Williams in Spanish Grand Prix Kamal Haasan's 'Vikram' trailer crosses 1.2 crore views within 24 hours IPL 2022: Sitting out after initial matches gave chance to train hard; get used to conditions, says Tim David Kichha Sudeep’s Vikrant Rona To Release In Hindi By Salman Khan’s Film 'K.G.F: Chapter 2' now available for 'Early Access' rentals on OTT BJP only seeks to divide and suppress : Rahul Gandhi Johnny Walker's son Nasirr Khan chuffed to still get lead roles in TV serials Thomas Cup: BAI should capitalise on the title and take badminton to next level in the country, says Uday Pawar Textbook repeat of Dec 1949 in Babri Masjid : Asaduddin Owaisi on Gyanvapi row 'Taarak Mehta Ka Chhota Chashmah' Season 3 releases Nakuul Mehta: Love is a two-way street which has its own twists and turns Swastika Mukherjee motivated Plabita Borthakur to push boundaries in 'Escaype Live' Elon Musk prefers to visit Indonesia as top Indian ministers fail to impress him Minister Kuldeep Singh Dhaliwal hands over appointment letters to the newly appointed SDOs Explained: How Covid-19 damages lungs, other organs

 

Google calls for govt help to secure critical open-source software

Google, Washington, World News, Sundar Pichai

Web Admin

Web Admin

5 Dariya News

Washington , 14 Jan 2022

Google has called for a public-private partnership to identify a list of critical open source projects and find new ways of identifying software that might pose a systemic risk, as the world grapples with the recent log4j open source software vulnerability that has put millions of devices at hacking risk.Following a summit on open-source security hosted at the White House on Thursday, Google said the collaboration between government and the private sector was needed for open-source funding and management."We need a public-private partnership to identify a list of critical open source projects with criticality determined based on the influence and importance of a project  to help prioritise and allocate resources for the most essential security assessments and improvements," said Kent Walker, president for global affairs and chief legal officer at Google and Alphabet.

Open source software code is available to the public, free for anyone to use, modify, or inspect.Since it is freely available, open source facilitates collaborative innovation and the development of new technologies to help solve shared problems."That's why many aspects of critical infrastructure and national security systems incorporate it. But there's no official resource allocation and few formal requirements or standards for maintaining the security of that critical code," said Google.In fact, most of the work to maintain and enhance the security of open source, including fixing known vulnerabilities, is done on an ad hoc, volunteer basis."Longer term, we need new ways of identifying software that might pose a systemic risk based on how it will be integrated into critical projects  so that we can anticipate the level of security required and provide appropriate resourcing," Google noted.

The 'Log4j' vulnerabilities represent a complex and high-risk situation for companies across the globe.This open-source component is widely used across many suppliers' software and services."Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities. There is high potential for the expanded use of the vulnerabilities," according to Microsoft.Cyber criminals are making thousands of attempts to exploit a second vulnerability involving a Java logging system called 'Apache log4j2'.Google recently said that more than 35,000 Java packages, amounting to over 8 per cent of the Maven Central repository (the most significant Java package repository), have been impacted by the recently disclosed vulnerabilities with widespread fallout across the software industry.The Apache Software Foundation has released several updates in the wake of the widespread 'Log4Shell' vulnerability in Log4j version 2 branch.

 

Tags: Google , Washington , World News , Sundar Pichai

 

 

related news

 

 

 

Photo Gallery

 

 

Video Gallery

 

 

5 Dariya News RNI Code: PUNMUL/2011/49000
© 2011-2022 | 5 Dariya News | All Rights Reserved
Powered by: CDS PVT LTD