UPDATED 13:30 EST / DECEMBER 24 2021

White House invites tech firms to discuss open-source software security in January

White House National Security Advisor Jake Sullivan has invited major tech firms to discuss ways that the cybersecurity of open-source software can be improved, Bloomberg reported on Thursday.

According to Bloomberg, the tech firms include “major software companies and developers.” Cloud providers are also reportedly among the invited companies.

Anne Neuberger, deputy national security advisor for cyber and emerging technology, will reportedly host a one-day discussion in January with representatives of the invited tech companies. The discussion will involve “company officials responsible for open-source projects and security,” according to Reuters.

The White House’s invitation to tech companies comes a few weeks after the discovery of a critical vulnerability in Log4j, a widely used open-source tool. In a letter to the invited tech firms, Sullivan reportedly stated that the popularity of open-source software projects and the fact that they’re maintained by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability.”

Log4j is a popular open-source tool that companies use to detect and troubleshoot errors in Java applications. The tool was recently found to contain a critical vulnerability that allows hackers to install malware on affected systems. The vulnerability is considered one of the most severe software security flaws in recent years because it’s fairly simple for hackers to exploit and affects a large number of systems. 

Within days of the vulnerability becoming public knowledge, cybersecurity companies detected hundreds of thousands of hacking attempts targeting Log4j deployments. The Apache Software Foundation, which oversees development of Log4j, released a patch along with a guide that explains how users can fix the vulnerability if downloading the patch is not possible. Cloudflare Inc. and other companies took steps to protect customers from cyberattacks that target the tool. 

In August, U.S. President Joe Biden called cybersecurity a “core national security challenge” during a meeting with executives from Amazon.com Inc., Google LLC, Microsoft Corp. and other leading companies. The participating companies pledged to invest billions of dollars in cybersecurity-related initiatives over the next few years.

Key players within the open-source software ecosystem are also taking steps to improve cybersecurity. In October, the Linux Foundation announced that it had raised $10 million from more than two dozen tech firms and other companies to support an initiative known as the Open Source Security Foundation project. The initiative is a cross-industry collaboration that seeks to improve the security of open-source software.
