Sunday, January 23, 2022

White House hosts tech summit to discuss open-source security after Log4j


The White House will meet with leaders of major tech companies, including Apple, Google, Amazon, Meta, IBM, and Microsoft, on Thursday to discuss the security of open-source software. The issue has become urgent in the wake of the extremely serious Log4j vulnerability, discovered in December 2021.

The summit will also include the Apache Software Foundation, the owner and maintainer of the Log4j library, and Oracle, owner of the Java software platform on which the Log4j library runs. GitHub and the Linux Open Source Foundation will also be represented.

Executives from the tech companies will meet with representatives of various federal agencies, including the departments of Commerce, Defense, Energy, and Homeland Security. Other agencies include the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the National Science Foundation, according to Cyberscoop.

In the wake of the discovery of, and fallout from, the Log4j vulnerability in December, White House national security advisor Jake Sullivan described open-source security as a “key national security concern.” The open-source security summit was called shortly afterward as a direct response.

In May 2021, well before the Log4j vulnerability was discovered, President Biden issued an executive order on improving the nation’s cybersecurity. Among other things, the order mandated that federal government agencies shore up their software supply chains by “ensuring and attesting, to the extent practicable, to the integrity and provenance of open source software.”

Vulnerabilities in open-source software have led to some of the most serious security flaws in recent memory. The Heartbleed bug, discovered in 2014, affected an open-source encryption library called OpenSSL that was believed to be used in two out of three servers across the web. Despite its large-scale usage, the library was maintained largely by unpaid volunteers, as was the case with Log4j.

Open-source software that is crucial to the functioning of highly profitable tech companies can still struggle to attract funding, a fact that is likely to be discussed at today’s summit. Just days ago the problem was brought to the fore again when an open-source developer deliberately corrupted two JavaScript libraries, potentially affecting hundreds of projects. Reporting by Bleeping Computer uncovered earlier posts in which the developer lamented “support[ing] Fortune 500s…with my free work.”

Writing on GitHub’s company blog Thursday morning, chief security officer Mike Hanley described a landscape in which open-source software was widely used but still poorly supported in terms of the resources made available to developers.

“First, there must be a collective industry and community effort to secure the software supply chain,” Hanley wrote. “Second, we need to better support open source maintainers to make it easier for them to secure their projects.”
