Google launches team to help open source projects improve security

Google has announced that it has joined the Linux Foundation's OpenSSF (Open Source Security Foundation) initiative to improve the security of open source software. As part of its involvement, Google has created and will fund a separate "Open Source Maintenance Crew" of engineers that will work with maintainers of critical open source projects on security enhancements.

The work will use the “Know, Prevent, Fix” concept, which defines methods for managing metadata about fixing vulnerabilities, controlling the fix, sending notifications of new vulnerabilities, maintaining a database with information about vulnerabilities, tracking the linking of vulnerabilities to dependencies, and analyzing the risk of exploitation of vulnerabilities through dependencies.

Source: opennet.ru
