White House National Security Advisor Jake Sullivan has invited major tech firms to discuss ways that the cybersecurity of open-source software can be improved, Bloomberg reported on Thursday.

According to Bloomberg, the tech firms include “major software companies and developers.” Cloud providers are also reportedly among the invited companies.

Anne Neuberger, deputy national security advisor for cyber and emerging technology, will reportedly host a one-day discussion in January with representatives of the invited tech companies. The discussion will involve “company officials responsible for open-source projects and security,” according to Reuters.

The White House’s invitation to tech companies comes a few weeks after the discovery of a critical vulnerability in Log4j, a widely used open-source tool. In a letter to the invited tech firms, Sullivan reportedly stated that the popularity of open-source software projects and the fact that they’re maintained by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability.”

Log4j is a popular open-source tool that companies use to detect and troubleshoot errors in Java applications. The tool was recently found to contain a critical vulnerability that allows hackers to install malware on affected systems. The vulnerability is considered one of the most severe software security flaws in recent years because it’s fairly simple for hackers to exploit and affects a large number of systems. 

Within days of the vulnerability becoming public knowledge, cybersecurity companies detected hundreds of thousands of hacking attempts targeting Log4j deployments. The Apache Software Foundation, which oversees development of Log4j, released a patch along with a guide that explains how users can fix the vulnerability if downloading the patch is not possible. Cloudflare Inc. and other companies took steps to protect customers from cyberattacks that target the tool. 

In August, U.S. President Joe Biden called cybersecurity a “core national security challenge” during a meeting with executives from Amazon.com Inc., Google LLC, Microsoft Corp. and other leading companies. The participating companies pledged to invest billions of dollars in cybersecurity-related initiatives over the next few years.

Key players within the open-source software ecosystem are also taking steps to improve cybersecurity. In October, the Linux Foundation announced that it has raised $10 million from more than two dozen tech firms and other companies to support an initiative known as the  Open Source Security Foundation project. The initiative is a cross-industry collaboration that seeks to improve the security of open-source software. 

Image: Wikipedia