Top executives from some of the world’s biggest tech companies met with White House officials on Thursday to discuss ways to boost the security of the open-source software behind everything from consumer gadgets to large-scale industrial systems.
The White House said that those who participated, including representatives from Apple, Google and Microsoft, had a “genuine and constructive” discussion. It added that talks would continue in the coming weeks.
The meeting took place in the wake of last month’s discovery of a major security flaw in Apache Log4j, the popular open-source Java logging library. If not patched or otherwise fixed, the bug can be exploited by cyber attackers, posing a massive risk to the Internet.
The White House said Thursday’s discussions focused on how to prevent security vulnerabilities in open-source software, as well as how to improve the process of finding and fixing bugs and speeding up the patching process.
Officials who attended the meeting described it as valuable and pledged to work with the government to promote open-source software security.
Jamie Thomas, general manager of strategy and development for IBM Systems, said in a statement after the meeting, “Software of all types faces threats from cybercriminals and malicious actors, and in many ways open source software, with its inherent transparency, is more secure than proprietary software can be.”
Given its importance, it’s time to think of digital infrastructure as we think of our physical infrastructure, said Kent Walker, president of global affairs and chief legal officer of Google and Alphabet.
“Open source software is a connective tissue for much of the online world – it deserves the same focus and funding that we give to our roads and bridges,” Walker said in a statement after the incident.
Red Hat, one of the largest open-source software companies, sent a trio of executives to the meeting and later issued a statement calling on both open-source and proprietary software makers to maintain greater visibility into their software, take responsibility for it throughout its life cycle, and make security data publicly available.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, has said that Log4j’s wide scope, which affects millions of Internet-connected devices, makes it one of the most serious flaws of her career.
As of Monday, no federal agencies had been compromised as a result of the bug and no major cyberattacks had been reported in the US. According to Easterly, so far most efforts to exploit the bug have focused on low-level crypto mining or attempts to pull devices into botnets.
Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger and National Cyber Director Chris Inglis were the top White House officials at Thursday’s meeting, while several other federal agencies, including the Department of Homeland Security, CISA and the Department of Defense, also participated.
Other participating tech companies include Akamai, Apache Software Foundation, Cloudflare, Meta, GitHub, Linux Foundation, Open Source Security Foundation, Oracle, Red Hat and VMware.