Google, Amazon, Microsoft Call for Open Source Software Grants
The Biden administration should follow the tech industry’s lead and fund open source software efforts to help secure critical infrastructure and improve cybersecurity, Amazon, Google and Microsoft told the White House in comments posted through Thursday. The Office of the National Cyber Director requested public comment on the government’s “long-term focus and prioritization on open-source software security.” After the Log4Shell cyber attack, Google, Microsoft and Amazon funded Alpha-Omega, a grant program for open source software foundations. The foundations examine the top 10,000 security-critical open source packages and provide funding to fix them. Their efforts were “very promising,” but sustained funding is a “future challenge,” Amazon commented. The federal government should “fund and coordinate a similar exercise to support the most critical open source dependencies on a sector-by-sector basis,” said Google. Microsoft added that funding of $500,000 for each “critical” open source software project “can provide substantial security improvements, including third-party security reviews and remediation of identified issues.”