White House calls summit on open source security following Log4j attacks

Following the fallout from the recently revealed Log4j vulnerability, the White House will meet with US tech giants to discuss the security of open source software.

In addition to Apple, Google, Amazon, Meta, IBM and Microsoft, the meeting with the Biden administration will include the Apache Software Foundation, which owns and maintains the Log4j library, as well as Oracle, GitHub and the Linux Open Source Foundation.


Officials from all the tech companies participating in the meeting will also meet with representatives from several US government agencies, including the Department of Commerce, the Department of Defense, the Department of Energy and the Department of Homeland Security. Other agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology and the National Science Foundation, will also participate in the meeting.

In an email to Nerdshala Pro, Mike Hanley, GitHub’s chief security officer, explained how important open source software is to the business software and online services we use every day, saying:

“Open source software underpins the vast majority of the software we use – just one or two lines of vulnerable code can have a global ripple effect on the billions of developers and services that rely on it. As a large developer platform, GitHub takes those risks seriously and understands its responsibility to support the millions of developers on our platform in securing open source. Addressing software supply chain security is a team game. Through partnerships with governments, academics, developers, and other organizations, together we can make a significant impact on the future of software security, and today’s discussion is an important step in securing the world’s code together.”

A major national security concern

In December last year, White House National Security Adviser Jake Sullivan sent a letter to CEOs of US tech companies following the discovery of the Log4Shell vulnerability in Apache’s popular Java logging framework Log4j.

In his letter, Sullivan said the security of open source software is a “major national security concern” because it is widely used and maintained by volunteers. As such, vulnerabilities in open source software can affect loads of other products and projects, as demonstrated by the 2014 Heartbleed flaw in OpenSSL, which at the time was believed to be used on two out of every three servers.

Recently, a disgruntled developer shut down thousands of open source projects by corrupting two widely used open source libraries on GitHub. The developer gave as the reason for his actions that he no longer wants to create free code for commercial companies making millions.

We’ll hear more from each of the individual companies attending the meeting over the coming days, as well as from the White House about its plans to improve the security of open source projects and software.
