Mazuva mashoma apfuuras Google yakafumura iyo Yakachengeteka Open Source danho (SOS), chii kupa mabhonasi ebasa rakanangana nekusimbisa yakakosha yakavhurika sosi software uye kune iyo miriyoni yemadhora yakapihwa yekutanga kubhadhara, asi kana chirongwa ichi chikazivikanwa sekubudirira, kudyara muchirongwa ichi kunoenderera.
Zvikumbiro zvemubhadharo zvinogamuchirwa chete shanduko dzinogamuchirwa muzvirongwa ine danho rekutsoropodza rinokwana 0.6 zvinoenderana neiyo OpenSSF Critically Score kana kuiswa mune runyorwa rwemapurojekiti anoda chaiwo ekuchengetedza chengetedzo.
Hunhu hweshanduko dzakatsanangurwa dzinofanira kuve nehukama nekuvandudzwa kwekuchengetedzwa munzvimbo dzakadai sekusimbisa kudzivirirwa kwezvinhu zvehurongwa (semuenzaniso, kuenderera mberi kwekubatanidza uye nzira dzekuparadzira), kushandisa masisitimu ekuongorora masiginecha edhijitari ezvikamu zvezvigadzirwa zve software, kuwedzera chigadzirwa nhanho (ongororo, dziviriro yebazi, Kuedza kusanzwisisika, kudzivirirwa pakurwiswa nevanovimba).
Pamusoro pegore rapfuura, takaita mari dzinoverengeka kusimbisa kuchengetedzeka kwemapurojekiti akasvinuka akavhurika, uye isu nguva pfupi yadarika takazivisa kuzvipira kwedu pamadhora gumi emadhora kuzvidziviriro zvekuchengetedzwa kwenyika, kusanganisira madhora zana mamirioni ekutsigira nheyo dzechitatu-bato dzinogadzirisa yakavhurika sosi yekuchengetedza zvakakosha uye kubatsira kugadzirisa kusagadzikana.
Nezve huwandu hwemabhonasi, izvi zvichapihwa zvinotevera:
- $ 10,000 kana kupfuura - Yekuunza kwenguva yakareba, yakakosha, yakakosha, uye yakaoma zvigadziriso zvinodzivirira pakukuvara kwakakomba mune yakavhurika kodhi yeprojekiti kana zvivakwa.
- $ 5000- $ 10000 - yekuvandudza kwehuremu hwepakati hune hunhu hwakanaka pane chengetedzo.
- $ 1000- $ 5000 yekunetseka zvine mwero kukwidziridzwa kuwedzera chengetedzo.
- $ 505 - yezve diki diki yekuchengetedza.
Nhasi, tinofara kuzivisa kwedu kutsigira kweiyo Yakachengeteka Open Source (SOS) chirongwa chekutyaira chinotungamirwa neLinux Foundation. Ichi chirongwa chemari chinopa mubayiro vanogadzira ekuvandudza kuchengetedzeka kwezvakakosha yakavhurwa sosi mapurojekiti ayo isu tese tinovimba nawo. Tiri kutanga ne $ 1 miriyoni yekudyara uye tinoronga kuwedzera kusvika kwechirongwa kunoenderana nemhinduro dzemunharaunda.
Pane rimwe divi iyo OSTIF (Open Source Technology Enhancement Fund), yakagadzirirwa kusimbisa kuchengetedzwa kwemapurojekiti akavhurika, yakazivisa kudyidzana neGoogle, iyo yakaratidza kuda kwayo kubhadhara yakazvimirira yekuchengetedza odhita yezvirongwa zvisere sosi yakavhurwa.
Nemari yakagamuchirwa kubva kuGoogle, zvakagadziriswa kuongorora Git, raibhurari yeLodash JavaScript, iyo PHP Laravel fomati, iyo Slf4j Java fomati, raibhurari yeJackson JSON (Jackson-core uye Jackson-databind) uye izvo Apache Http zvikamu (Httpcomponents- core uye Httpcomponents).
Rutsigiro rweGoogle runobvumira OSTIF kuvhura Managed Audit Chirongwa (MAP), iyo ichawedzera kuongorora kwedu kwakadzama kwekuchengetedza kune mamwe mapurojekiti akakosha kune yakavhurika sosi yezvisikwa.
Pakutanga, uchishandisa mari inogamuchirwa semhedzisiro yekuunganidzwa kwezvipo, homwe OSTIF yatove akaongorora OpenSSL, VeraCrypt, OpenVPN, Monero, Unbound mapurojekiti DNS uye QRL.
Kusiyanisa, nharaunda yatove nekunyora maturusi ekuongorora iyo PHP Symfony fomati. Kana paine mari yekuwedzera yekuongorora, Systemd, Electron, Rails, Drupal, Joomla, WebPack, Reprepro, Ceph, React Native, Salt, Ansible, Angular, Gatsby neGuava zvirongwa zvakarongwa zvakare.
Izvi zvinoratidza kubudirira kukuru mukukwezva vabati vemakambani makuru kuti vatsigire modhiyo yeOTIF yekuvandudza yakavhurika sosi software kuburikidza nekuongorora kwekuchengetedza uye ongororo yekodhi yekodhi.
Sarudzo iyi yakaitwa zvinehunyanzvi zvichienderana nechengetedzo yekukanganisa kuongorora yeiyo projekiti mune yakavhurika sosi ecosystem uye inogona kubatsira munharaunda nekuwedzera kuchengetedzeka kwemapurojekiti ari kutariswa. Kune akakomberedza 100 mapurojekiti paGitHub, coefficient yakaverengwa uchifunga nezvezvinhu zvakaita sekuzivikanwa kwekushandisa seyakavimbika, kudiwa kwezvivakwa, huwandu hwevagadziri, chiitiko chebudiriro, huwandu hweshumo yakavharwa uye isina-yakavharwa meseji yekukanganisa, huwandu hwemasangano anotsigira chirongwa ichi, kuwanda kwekuvandudzwa, nhoroondo yekuzivikanwa kwekushupika, nezvimwe.
Source: https://ostif.org/, https://security.googleblog.com/