White House Enlists Software Industry to Improve Open-Source Security
(Bloomberg) -- White House officials are asking major software companies and developers to work with them to improve the security of open-source software, according to an administration official.
Most Read from Bloomberg
Hawaii Is Rethinking Tourism. Here’s What That Means for You
Biden Reasserts Warning as Putin Signals Satisfaction With Call
The invitation follows the disclosure of a vulnerability in popular open-source Apache software that cybersecurity officials have described as one of the most serious in recent memory.
In a letter Thursday, National Security Advisor Jake Sullivan invited major players in the software industry to discuss initiatives to improve open-source software security, the official said. Dozens of open-source software projects have become crucial components of global commerce and are mostly maintained by volunteers.
The effort will start with a one-day discussion in January hosted by Anne Neuberger, the deputy national security advisor for cyber and emerging technology, according to the official.
In the letter, Sullivan wrote that open-source software has accelerated the pace of innovation but pointed out that the fact that it is broadly used and maintained by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability,” the official said.
Log4j is a piece of software that developers can put into applications to log anything from mundane operations to critical alerts. It is maintained by a group of volunteer programmers as part of the nonprofit Apache Software Foundation.
The flaw, which could allow a hacker to remotely take over a computer, was discovered last month by an employee at Alibaba Group Holding’s Ltd. cloud-security team.
Most Read from Bloomberg Businessweek
What Really Happens When Workers Are Given a Flexible Hybrid Schedule?
How to ‘See’ Time: The Secret to Peak Entrepreneur Productivity
Stop With the Covid Excuses, Already—Customers Have Caught On
The Super League Debacle Forced Manchester United’s American Owners to Listen to Fans
©2021 Bloomberg L.P.