Google is supporting security examinations of eight projects through a partnership with the Open Source Technology Improvement Fund, after donating $100 million to improve open source security last month (OSTIF)
In the OSSRA reports for 2021 and 2020, both the Jacksondatabind component and Lodash were identified as highly vulnerable components in the majority of audited applications.