White House invites tech companies to discuss open source software security in January


White House National Security Advisor Jake Sullivan invited major tech companies to discuss ways to improve the cybersecurity of open source software, Bloomberg reported Thursday.

According to Bloomberg, tech companies include “major software companies and developers.” Cloud providers are also would have among the invited companies.

Anne Neuberger, Deputy National Security Advisor for Cyber ​​and Emerging Technologies, would host a day-long discussion in January with representatives from invited tech companies. The discussion will involve “corporate officials responsible for open source projects and security,” according to Reuters.

The White House invitation to tech companies comes weeks after the discovery of a critical vulnerability in Log4j, a widely used open source tool. In a letter to invited tech companies, Sullivan would have said the popularity of open source software projects and the fact that they are maintained by volunteers is a “combination that is a key national security issue, as we are experiencing with the Log4j vulnerability”.

Log4j is a popular open source tool that companies use to detect and troubleshoot errors in Java applications. The tool was recently discovered to contain a critical vulnerability that allows hackers to install malware on affected systems. The vulnerability is took into consideration one of the most serious software security flaws in recent years, as it is quite easy for hackers to exploit and affects a large number of systems.

A few days after the vulnerability became public, cybersecurity companies detected hundreds of thousands of hacking attempts targeting Log4j deployments. The Apache Software Foundation, which oversees the development of Log4j, published a patch with a guide explaining how users can fix the vulnerability if downloading the patch is not possible. Cloudflare Inc. and other companies took action to protect customers from cyberattacks that target the tool.

In August, US President Joe Biden called cybersecurity a “major national security challenge” during a meeting with executives from Amazon.com Inc., Google LLC, Microsoft Corp. and other large companies. Participating companies promised to invest billions of dollars in cybersecurity initiatives over the next few years.

Major players in the open source software ecosystem are also taking steps to improve cybersecurity. In October, the Linux Foundation announced that it had raised $10 million from more than two dozen technology companies and other businesses to support an initiative known as the Open Source Security Foundation Project. The initiative is a cross-industry collaboration that aims to improve the security of open source software.

Picture: Wikipedia

Show your support for our mission by joining our Cube Club and our Cube Event community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, ​​Dell Technologies Founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many other luminaries and experts.


Comments are closed.