White House Enlists Software Industry to Improve Open-Source Security

(Bloomberg) — White House officials are asking major software companies and developers to work with them to improve the security of open-source software, according to an administration official.

The invitation follows the disclosure of a vulnerability in popular open-source Apache software that cybersecurity officials have described as one of the most serious in recent memory.

In a letter Thursday, National Security Advisor Jake Sullivan invited major players in the software industry to discuss initiatives to improve open-source software security, the official said. Dozens of open-source software projects have become crucial components of global commerce and are mostly maintained by volunteers.

The effort will start with a one-day discussion in January hosted by Anne Neuberger, the deputy national security advisor for cyber and emerging technology, according to the official.

In the letter, Sullivan wrote that open-source software has accelerated the pace of innovation but noted that it is both broadly used and maintained by volunteers, a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability,” the official said.

Log4j is a piece of software that developers can put into applications to log anything from mundane operations to critical alerts. It is maintained by a group of volunteer programmers as part of the nonprofit Apache Software Foundation.

The flaw, which could allow a hacker to remotely take over a computer, was discovered last month by an employee at Alibaba Group Holding Ltd.’s cloud-security team.

 

©2021 Bloomberg L.P.
