Google strengthens the review of external contributors to AOSP to prevent malicious submission of bug code

Google strengthens the review of external contributors to AOSP to prevent malicious submission of bug code

September 19 news, Android Open Source Project (AOSP) refers to the people, processes and source code that create Android. People are responsible for overseeing the project and developing source code; processes refer to the tools and programs used to manage software development, and the final result is source code that can be used for mobile phones and other devices.

Currently, AOSP uses the Apache 2.0 open source license, which means that anyone can modify its code. However, one disadvantage of this strategy is that it provides an easy way for malicious people to damage it. In response to security issues, Google is strengthening the review of external contributors.

Android expert Mishaal Rahman explained that all external changes to AOSP now require review and approval by two Google reviewers. The goal is to prevent hidden security vulnerabilities and bugs in the code from entering AOSP - not to restrict who can submit code to AOSP.

In fact, Rahman made it clear that non-Googlers are not blacklisted from contributing. Instead, external code is only reviewed to give those directly affected a chance to determine whether it should be integrated into AOSP. This is a more thorough review process that helps screen the final code, identify the most beneficial parts, and reduce security issues.

Foreign media believe that this strategy may significantly reduce some of the vulnerability-related problems Google has faced in the past.

Just last year, David Schütz discovered a vulnerability in AOSP, a flaw that could allow hackers to bypass the Android lock screen. He later received a $70,000 reward from Google for reporting the vulnerability.

It is worth noting that Google has launched a project called Vulnerability Rewards Program in 2010. Since its launch, the project has contributed more than 11,000 vulnerabilities, and Google will reward them with cash. At present, Google has paid millions of dollars to these white hats.

<<:  Xiaomi and Huawei, turning hostility into friendship!

>>:  iOS17 is now available for update! Netizens tested it and found it to be very cool, but the battery life is...

Recommend

Is “Turning Stone into Gold” a delusion? It works in the desert!

Produced by: Science Popularization China Author:...

Tencent Advertising 520 Valentine's Day Advertising Plan

“What to give as a Valentine’s Day gift” is an an...

"See through!" Chinese scientists take first complete X-ray of the moon

"The bright moon rises over the sea, and peo...

There are 3 basic ways to get traffic when promoting APP!

I have been working in operations for a year, and...

How to become an excellent information flow advertising optimizer?

In fact, everyone has read a lot of useful inform...

Cut the meat! Who did the big companies get rid of in 2015?

[[161006]] At first, it was a popular commodity t...

How do you keep the apples that Wang Yaping displayed in the space station fresh?

recently Photos by Zhai Zhigang and Ye Guangfu ——...