Google strengthens the review of external contributors to AOSP to prevent malicious submission of bug code

Google strengthens the review of external contributors to AOSP to prevent malicious submission of bug code

September 19 news, Android Open Source Project (AOSP) refers to the people, processes and source code that create Android. People are responsible for overseeing the project and developing source code; processes refer to the tools and programs used to manage software development, and the final result is source code that can be used for mobile phones and other devices.

Currently, AOSP uses the Apache 2.0 open source license, which means that anyone can modify its code. However, one disadvantage of this strategy is that it provides an easy way for malicious people to damage it. In response to security issues, Google is strengthening the review of external contributors.

Android expert Mishaal Rahman explained that all external changes to AOSP now require review and approval by two Google reviewers. The goal is to prevent hidden security vulnerabilities and bugs in the code from entering AOSP - not to restrict who can submit code to AOSP.

In fact, Rahman made it clear that non-Googlers are not blacklisted from contributing. Instead, external code is only reviewed to give those directly affected a chance to determine whether it should be integrated into AOSP. This is a more thorough review process that helps screen the final code, identify the most beneficial parts, and reduce security issues.

Foreign media believe that this strategy may significantly reduce some of the vulnerability-related problems Google has faced in the past.

Just last year, David Schütz discovered a vulnerability in AOSP, a flaw that could allow hackers to bypass the Android lock screen. He later received a $70,000 reward from Google for reporting the vulnerability.

It is worth noting that Google has launched a project called Vulnerability Rewards Program in 2010. Since its launch, the project has contributed more than 11,000 vulnerabilities, and Google will reward them with cash. At present, Google has paid millions of dollars to these white hats.

<<:  Xiaomi and Huawei, turning hostility into friendship!

>>:  iOS17 is now available for update! Netizens tested it and found it to be very cool, but the battery life is...

Recommend

The most comprehensive Zhihu operation and promotion skills!

There is strength in numbers, and more firewood m...

Gamma Data: Development Prospects of AIGC in China’s Game Industry in 2023

AIGC Industry Development Background AI will beco...

October marketing hotspot calendar is freshly released!

October is approaching, and the exciting National...

This battery is awesome and it only takes one minute to fully charge!

Scientists say they have invented a new type of b...

How to write promotional ideas, write like this!

Why does my ad not have any traffic even though i...

How should bidding promotion be optimized to be effective?

How to optimize Baidu SEM company's bidding p...

Plex: 2022 Smart Manufacturer Report

7 Current Status of Intelligent Manufacturing Acc...

Raise fish on the big screen of TV "Dream Aquarium" trial experience

Screen: Sound Effects: operate: Plot: Experience:...