According to Google Cloud VP of Infrastructure Eric Brewer, open source technologies will be used by four out of five developers by 2025. Open source software is the public infrastructure that supports modern daily life.
The goal of curated open source is to increase supply chain security while adding a higher standard of accountability. This is necessary “to operate the applications that will power our future,” Brewer stated in a blog post. He also cited government measures such as the Federal Risk and Authorization Management Program (FedRAMP) and President Biden’s Cybersecurity Executive Order.
The idea of “curated open source” depends on an individual or group of curators who examine open source software packages to find flaws and fix them. For instance, curators implement automated testing that streamlines open source security, track new dependencies, and update existing ones.
Today, open source curation is available only on a smaller scale, through packages linked to supported Linux versions or premium open source platforms like Apache Spark. However, Brewer noted that currently “most of the packages we depend on are not curated.” Given how broad the risk is, this will need to change.
According to Brewer, the carefully selected open source packages offered by Google Cloud “allow enterprises to gain from the same end-to-end security capabilities and practices that we apply to our own OSS portfolio at Google Cloud.” He added that the hyperscaler has invested in and relies on the same technologies that are openly available to developers.