The White House will host technology companies to discuss enhancing open source software security amid Log4j vulnerability
The White House on Thursday is hosting leading technology companies, along with a number of relevant government agencies, to discuss ways to improve the security of open source software libraries, with senior administration officials calling it a “key national security issue.”
Representatives from Akamai, Amazon, the Apache Software Foundation, Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, Linux Open Source Foundation, Microsoft, Oracle, Red Hat and VMware will meet with the Biden administration.
They will discuss how new private-public cooperation can “quickly drive improvements” in security.
The business leaders will be joined by White House officials, senior executives and senior open source software experts from leading agencies, including the Departments of Commerce and Homeland Security, the Pentagon, the Cybersecurity and Infrastructure Security Agency, the Department of Energy and more.
Anne Neuberger, Deputy National Security Adviser for Cyber and New Technologies, is expected to host the meeting.
The meeting is intended to focus on President Biden’s executive order on cyber security, a senior administration official told Fox Business. This order focused on software security and drove a number of efforts across the US government and in the private sector.
The official said the administration expects “further discussions” with the companies and other organizations not represented. The White House invited major software companies and developers to discuss initiatives to improve open source security last month.
“Open source software has accelerated the pace of innovation and has led to enormous societal and economic benefits, but the fact that it is widely used and maintained by volunteers is a combination that is a key national security issue, as we are experiencing with the Log4j vulnerability,” said a senior administration official.
“Software security is critical to our national and economic security,” the official continued, noting that recent incidents, including the SolarWinds hack, serve as “recent reminders that strategic opponents are actively exploiting vulnerabilities for malicious purposes.”
Last month, officials discovered a vulnerability in software known as “Log4j”, which they said presents “an urgent challenge for network defenders given its widespread use”.
The Log4j flaw allows Internet-based attackers to easily take control of everything from industrial control systems to web servers and consumer electronics. Just identifying which systems use the tool is a challenge; it is often hidden under layers of other software.
The affected software, written in the Java programming language, logs user activity. Developed and maintained by a handful of volunteers under the auspices of the open source Apache Software Foundation, it is very popular with commercial software developers. It runs across many platforms – Windows, Linux, Apple’s macOS – that power everything from webcams to car navigation systems and medical devices, according to security firm Bitdefender.
CISA officials said the vulnerability posed a “serious risk” and called on private sector organizations to work with the federal government to take action.
The Associated Press contributed to this report.