Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present

Hands On: Google has big ambitions for its new Open Source Vulnerabilities database, but getting started requires a Google Cloud Platform account and there are other obstacles that may add friction to adoption.


The Chocolate Factory is not happy with the state of open-source software security, which is a big deal not least because its own business and cloud platform depend on open-source code. The company wants to see more discipline and checks in critical open-source software, and revealed that it maintains its own private repositories for many projects to guard against compromised code or newly committed vulnerabilities.

One of the security team's suggestions was for new ways to manage vulnerability data, including "precise vulnerability metadata from all available data sources." It also wished for "better tooling... to understand quickly what software ..
