These new AI-powered features across Pixel and Android help make the world even more accessible.
With AI at the core of Android, we’ve rebuilt Gemini and tailored it for your device, in a private and secure way.
At Alphabet, open source remains a critical component of our business and internal systems. We depend on thousands of upstream projects and communities to run our infrastructure, products, and services. Within the Open Source Programs Office (OSPO), we continue to focus on investing in the sustainability of open source communities and expanding access to open source opportunities for contributors around the world. As participants in this global ecosystem, our goal with this report is to provide transparency and to report our work within and around open source communities.
In 2023 roughly 10% of Alphabet’s full-time workforce actively contributed to open source projects. This percentage has remained roughly consistent over the last five years, indicating that our open source contribution has remained proportional to the size of Alphabet over time. Over the last 5 years, Google has released more than 7,000 open source elements, representing a mix of new projects, features, libraries, SDKs, datasets, sample code, and more.
In 2023, employees from Alphabet interacted with more than 70,000 public repositories on GitHub. Over the last five years, more than 70% of the non-personal GitHub repositories receiving Alphabet contributions were outside of Google-managed organizations. Our top external projects (by number of unique contributors at Alphabet) include both Google-initiated projects such as Kubernetes, Apache Beam, and gRPC as well as community-led projects such as LLVM, Envoy, and web-platform-tests.
In addition to Alphabet employees supporting external projects, in 2023 Alphabet-led projects received contributions from more than 180,000 non-Alphabet employees (unique GitHub accounts not affiliated with Alphabet).
As the technology industry turns to focus on novel AI and machine learning technologies, open source communities have continued to serve as a shared resource and avenue for collaboration on new frameworks and emerging standards. In addition to launching new projects such as Project Open Se Cura (an open-source framework to accelerate the development of secure, scalable, transparent and efficient AI systems), we also collaborated with AI/ML industry leaders including Alibaba, Amazon Web Services, AMD, Anyscale, Apple, Arm, Cerebras, Graphcore, Hugging Face, Intel, Meta, NVIDIA, and SiFive to release OpenXLA to the public for use and contribution. OpenXLA is an open source ML compiler enabling developers to train and serve highly-optimized models from all leading ML frameworks on all major ML hardware. In addition to technology development, Google’s OSPO has been supporting the OSI's Open Source AI definition initiative, which aims to clearly define 'Open Source AI' by the end of 2024.
As a longstanding consumer and contributor to open source projects, we believe it is vital to continue funding both established communities as well as invest in the next generation of contributors to ensure the sustainability of open source ecosystems. In 2023, OSPO provided $2.4M in sponsorships and membership fees to more than 60 open source projects and organizations. Note that this value only represents OSPO's financial contribution; other teams across Alphabet also directly fund open source work. In addition, we continue to support our longstanding programs:
 |
We continue to invest in improving the security posture of open source projects and ecosystems. Since launching in 2016, Google's free OSS-Fuzz code testing service has helped discover and get over 10000 vulnerabilities and 34,000 bugs fixed across more than 1200 projects. In 2023, we added features, expanded our OSS-Fuzz Rewards Program, and continued our support for academic fuzzing research. In 2023, we also applied the generative power of LLMs to improve fuzz testing. In addition to this project we’ve been:
Our open source work will continue to grow and evolve to support the changing needs of our communities. Thank you to our colleagues and community members who continue to dedicate personal and professional time supporting the open source ecosystem. Follow our work at opensource.google.
This report features metrics provided by many teams and programs across Alphabet. In regards to the code and code-adjacent activities data, we wanted to share more details about the derivation of those metrics.
By Sophia Vargas – Analyst and Researcher, OSPO
The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures. In progress since 2016, this achievement represents a major milestone towards standards development that will keep information on the Internet secure and confidential for many years to come.
Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards. You can also read more about PQC and Google's role in the standardization process in this 2022 post from Cloud CISO Phil Venables.
Encryption is central to keeping information confidential and secure on the Internet. Today, most Internet sessions in modern browsers are encrypted to prevent anyone from eavesdropping or altering the data in transit. Digital signatures are also crucial to online trust, from code signing proving that programs haven't been tampered with, to signals that can be relied on for confirming online identity.
Modern encryption technologies are secure because the computing power required to "crack the code" is very large; larger than any computer in existence today or the foreseeable future. Unfortunately, that's an advantage that won't last forever. Practical large-scale quantum computers are still years away, but computer scientists have known for decades that a cryptographically relevant quantum computer (CRQC) could break existing forms of asymmetric key cryptography.
PQC is the effort to defend against that risk, by defining standards and collaboratively implementing new algorithms that will resist attacks by both classical and quantum computers.
You don't need a quantum computer to use post-quantum cryptography, or to prepare. All of the standards released by NIST today run on the classical computers we currently use.
While a CRQC doesn't exist yet, devices and data from today will still be relevant in future. Some risks are already here:
For more information on CRQC-related risks, see our PQC Threat Model post.
Migrating to new cryptographic algorithms is often a slow process, even when weaknesses affect widely-used crypto systems, because of organizational and logistical challenges in fully completing the transition to new technologies. For example, NIST deprecated SHA-1 hashing algorithms in 2011 and recommends complete phase-out by 2030.
That’s why it's crucial to take steps now to improve organizational preparedness, independent of PQC, with the goal of making your transition to PQC easier.
These crypto agility best practices can be enacted anytime:
Our 2022 paper "Transitioning organizations to post-quantum cryptography" provides additional recommendations to help organizations prepare and this recent post from the Google Security Blog has more detail on cryptographic agility and key rotation.
Google takes these risks seriously, and is taking steps on multiple fronts. Google began testing PQC in Chrome in 2016 and has been using PQC to protect internal communications since 2022. In May 2024, Chrome enabled ML-KEM by default for TLS 1.3 and QUIC on desktop. ML-KEM is also enabled on Google servers. Connections between Chrome Desktop and Google's products, such as Cloud Console or Gmail, are already experimentally protected with post-quantum key exchange.
Google engineers have contributed to the standards released by NIST, as well as standards created by ISO, and have submitted Internet Drafts to the IETF for Trust Expressions, Merkle Tree Certificates, and managing state for hash-based signatures. Tink, Google's open source library that provides secure and easy-to-use cryptographic APIs, already provides experimental PQC algorithms in C++, and our engineers are working with partners to produce formally verified PQC implementations that can be used at Google, and beyond.
As we make progress on our own PQC transition, Google will continue to provide PQC updates on Google services, with updates to come from Android, Chrome, Cloud, and others.
When 24 of the brightest, most curious minds from the Māori and Pasifika communities step into Google New Zealand's halls, amazing things happen.
Even though it was through a virtual internship, these students and working professionals didn't let that stop them from dreaming up solutions to some of the Pacific's most pressing challenges, and picking up important career skills.
This virtual internship program, a first in Aotearoa, was part of our collaboration with TupuToa to foster Māori and Pasifika representation in the tech industry.
Over three weeks, the 24 interns, divided into four groups of six, immersed themselves in mentorship and innovation, guided by four Googler mentors based in New Zealand and the United States, including Rob Coyne, Jacob Chalkley, Justin Keown and Hautahi Kingi.
The internship threw down the gauntlet: "If you could develop and change a Google product, what would it be and why?".
Fuelled by the challenge and their Googler mentors, the interns responded with four novel and innovative ideas, each with the potential to transform the lives of Māori and Pasifika communities.
These include an AI-powered mental health product for Māori and Pasifika communities, earlier disaster alerts, enhanced ways to trace Māori and Pasifika ancestry using Google tools, and a more efficient Google Scholar indexing system for research related to these communities.
As we delve into the feasibility of these four concepts, mentor Hautahi Kingi reflects on the profound impact of this internship program. His own journey, from growing up on a marae near Whanganui to becoming a Google Data Scientist in New York, resonates deeply with the aspirations of these interns.
Hautahi Kingi says he’s proud to have become the representation he longed for as a young person - a symbol of success for Māori and Pasifika individuals in the tech industry.
“It was a privilege to have the opportunity to work with these impressive and talented rangatahi,” he says. “The future looks bright for tech in Aotearoa.”
For TupuToa Initiative’s chief executive, Anne Fitisemanu, this was a much-needed step in the right direction. “Programmes like this internship are the foundation for TupuToa, that really help support and grow curious minds and foster innovation. The talent pool in our communities is vast and deep, and we’re proud to work alongside our partners to provide a platform to seek and nurture it.”
Google New Zealand is proud and thrilled that this program has ignited a spark in these 24 youths. They leave with a deeper passion for tech, connections with the tech industry, and skills that will serve them well in any field they choose, among them problem-solving, collaboration, and critical thinking.
We’re excited to see what the future holds for them and grateful to TupuToa for their partnership. We look forward to working together to build an even more inclusive tech landscape in and around New Zealand.
Give it up for these 24 interns! Amish Kumar, Anaya Cole, Asifa Hanif, Gloria Tawake, Hayden Richard-Marsters, Lachlan McCreanney, Lauryn Maxwell, Lenalei Chan Ting, Lomaloma Pepine, Lucas Bawden, Malia Carter, Maria Munsanda Analega Ioane, McKay Leehmann Rimbao, Michael Heavey, Miracle Faamalosi, Paulo Opetaia, Rahera Williams, Sakura Kawakami Potaka-Dewes, Tele Tamati, Tom Tamaira, Vensel Margraff, Zachariah Hunt.
And a big shout-out to the awesome foursome who clinched the Google challenge with their idea for a mental health virtual assistant, designed to bridge the gap between young people and mental health resources: Sakura Kawakami Potaka-Dewes, Zachariah Hunt, Lucas Bawden and Maria Munsanda Analega and Lachlan McCreanney (with mentor Justin Keown).
By Nathan Laing, Head of Scaled, Google Customer Solutions, Google New Zealand
Why we're supporting work to bring mental health resources to teenagers directly in their classrooms.
Starting on September 9, 2024, Google Ads API users will no longer need to wait 24 hours before uploading conversion adjustments - they can be uploaded immediately after the original conversion has been uploaded or recorded by Google tags.
This means that you will no longer need to keep track of the 24-hour window before uploading conversion adjustments, and can stop checking for certain error codes and retrying those upload requests.
Specifically, the following changes will take effect:
UploadConversionAdjustments method, and will no longer be visible in diagnostic reports:
pending_count in diagnostics until they’re processed, at which point they’ll be counted towards either the successful_count or failed_count fields. This might take up to 24 hours.Here is how these changes will affect older Google Ads API versions v15 and v16:
UploadConversionAdjustments method, and will no longer be visible in diagnostic reports:
total_event_count metric while being processed. Once processing is completed they will be counted towards either the successful_count or failed_count. This might take up to 24 hours.What do I need to do?
If you have any questions or need help, see the Google Ads API support page for options.
- Ben Karl, on behalf of the Google Ads API Team
Previously, the interoperability settings that allow Calendar users to see availability of colleagues using Outlook and vice-versa were split between two separate locations: in the Admin console and from https://calendar.google.com/Exchange/tools. Going forward, all interoperability settings will be housed in the Admin console at Apps > Google Workspace > Settings for Calendar > Calendar Interop management. This will make it easier for admins to view and manage their interop setups.
.png)
