Google has donated $1 million to improve open source security and will also fund security audits of eight major projects

A few days ago Google launched the Secure Open Source (SOS) program, which provides rewards for work aimed at hardening critical open source software. One million dollars has been set aside for the initial payments, and if the program proves successful, investment in it will continue.

Reward requests are accepted only for changes that have been merged into projects with a criticality level of at least 0.6 according to the OpenSSF Criticality Score, or into projects on the list of those requiring special security handling.

The submitted changes should be related to improving security in areas such as hardening the protection of infrastructure (for example, continuous integration and the build and distribution process), implementing verification systems for the digital signing of software artifacts, and improving the development model (code review, branch protection, fuzz testing, protection against dependency attacks).

Over the past year, we have made a number of investments to strengthen the security of critical open source projects, and recently we announced a $10 billion commitment to cybersecurity, including $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities.

As for the reward amounts, they will be paid out as follows:

  • $10,000 or more: for long-lasting, significant and complex improvements that protect against serious vulnerabilities in the code or infrastructure of an open source project.
  • $5,000-$10,000: for improvements of medium complexity that have a clear positive effect on security.
  • $1,000-$5,000: for improvements of modest scope that improve security.
  • $505: for small security improvements.

Today, we are pleased to announce our support for the Secure Open Source (SOS) pilot program led by the Linux Foundation. This program rewards developers for improving the security of critical open source projects that we all depend on. We are starting with a $1 million investment and plan to expand the program's reach based on community feedback.

Separately, OSTIF (the Open Source Technology Improvement Fund), created to strengthen the security of open source projects, announced a partnership with Google and revealed its plans to support independent security audits of 8 open source projects.

With the funds received from Google, it was decided to audit Git, the Lodash JavaScript library, the PHP framework Laravel, the Java framework Slf4j, the Jackson JSON libraries (Jackson-core and Jackson-databind) and the Apache HttpComponents components (Httpcomponents-core and Httpcomponents).

Google's support will allow OSTIF to launch the Managed Audit Program (MAP), which will extend our rigorous security reviews to more projects that are critical to the open source ecosystem.

Previously, using money raised through collected donations, the OSTIF fund had already audited OpenSSL, VeraCrypt, OpenVPN, Monero, the Unbound DNS project and QRL.

In addition, the community has already raised funds to audit the PHP framework Symfony. If further funding for audits becomes available, Systemd, Electron, Rails, Drupal, Joomla, WebPack, Reprepro, Ceph, React Native, Salt, Ansible, Angular, Gatsby and Guava are also planned.

This represents a major success in attracting large corporate donors to support OSTIF's model of improving open source software through security reviews and source code audits.

The selection was made on the basis of an assessment of each project's impact on the security of the open source ecosystem and the potential benefit to the community from raising the security of the projects under consideration. For roughly 100 projects on GitHub, a criticality score was computed taking into account factors such as popularity of use as a dependency, infrastructure requirements, number of developers, development activity, number of open and closed bug reports, number of organizations backing the project, update frequency, history of discovered vulnerabilities, and so on.
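The passage above lists the signals that feed the criticality score, and the SOS eligibility rule earlier on the page applies a 0.6 cut-off to it. The following Python is an added example, not code from the article, from Google, or from OSTIF: it implements the weighted log-normalized formula published by the OpenSSF criticality_score project (each signal S_i is scaled as log(1+S_i)/log(1+max(S_i, T_i)) and combined with weights α_i), then applies the 0.6 threshold. The signal names, weights, thresholds and the two sample projects are constructed for illustration and are not the program's published defaults; the example also keeps only positive-weight signals, whereas the published design allows negative weights for signals such as time since the last update.

```python
import math

# Illustrative (weight alpha, threshold T) per signal. Constructed for this
# example; NOT the OpenSSF criticality_score project's published defaults.
SIGNAL_PARAMS = {
    "dependents_count":      (2.0, 500_000),  # projects that depend on it
    "contributor_count":     (2.0, 5_000),    # distinct developers
    "org_count":             (1.0, 10),       # organisations backing the project
    "commit_frequency":      (1.0, 1_000),    # commits per year
    "closed_issues_count":   (0.5, 5_000),    # closed bug reports
    "updated_issues_count":  (0.5, 5_000),    # open / recently updated bug reports
    "recent_releases_count": (0.5, 26),       # releases in the last year
}

# Eligibility cut-off stated on the page for the SOS reward program.
SOS_MIN_CRITICALITY = 0.6


def normalize(value, threshold):
    """Scale one raw signal into [0, 1]: log(1+S) / log(1+max(S, T)).

    A signal at or above its threshold saturates to 1.0; a zero signal is 0.0.
    """
    if value <= 0:
        return 0.0
    return math.log(1 + value) / math.log(1 + max(value, threshold))


def criticality_score(signals, params=SIGNAL_PARAMS):
    """Weighted average of the normalized signals: sum(a_i * n_i) / sum(a_i).

    Missing signals count as zero, so an incomplete profile scores lower,
    never higher, than a complete one.
    """
    total_weight = sum(weight for weight, _ in params.values())
    weighted = sum(
        weight * normalize(signals.get(name, 0), threshold)
        for name, (weight, threshold) in params.items()
    )
    return weighted / total_weight


def meets_sos_threshold(score, threshold=SOS_MIN_CRITICALITY):
    """Apply the page's rule: only projects scoring at least 0.6 are eligible."""
    return score >= threshold


# Constructed sample profiles (hypothetical projects, not real measurements).
WIDELY_USED_LIBRARY = {
    "dependents_count": 100_000,
    "contributor_count": 1_500,
    "org_count": 12,
    "commit_frequency": 800,
    "closed_issues_count": 3_000,
    "updated_issues_count": 2_000,
    "recent_releases_count": 10,
}

HOBBY_PROJECT = {
    "dependents_count": 5,
    "contributor_count": 3,
}


def evaluate(signals):
    """Return (score, eligible) for a signal profile."""
    score = criticality_score(signals)
    return score, meets_sos_threshold(score)


if __name__ == "__main__":
    for label, profile in (("widely used library", WIDELY_USED_LIBRARY),
                           ("hobby project", HOBBY_PROJECT)):
        score, eligible = evaluate(profile)
        print(f"{label}: criticality={score:.3f} eligible={eligible}")
```

Because each signal saturates at its threshold, a project cannot buy its way above 1.0 by inflating a single metric, and the weights decide how much dependency popularity counts relative to, say, release cadence; tuning those weights is exactly the judgement call the article describes the selection committee making.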

Sources: https://ostif.org/, https://security.googleblog.com/
