White House National Security Advisor Jake Sullivan has invited major tech companies to discuss ways to improve the cybersecurity of open source software, Bloomberg reported Thursday.
According to Bloomberg, the technology companies include “major software companies and developers.” Cloud providers are also reportedly among the invited companies.
Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, will reportedly host a one-day discussion in January with representatives of the invited tech companies. The discussion will involve “company officials responsible for open source projects and security,” according to Reuters.
The White House invitation to tech companies comes weeks after the discovery of a critical vulnerability in Log4j, a widely used open source tool. In a letter to invited tech companies, Sullivan reportedly said the popularity of open source software projects and the fact that they are maintained by volunteers is a “combination that is of major national security concern, as we know it with the Log4j vulnerability.”
Log4j is a popular open source tool that businesses use to detect and resolve errors in Java applications. It was recently discovered that the tool contains a critical vulnerability that allows hackers to install malware on affected systems. The vulnerability is considered one of the most serious software security holes in recent years, because it is fairly easy for hackers to exploit and affects a large number of systems.
Days after the vulnerability became public, cybersecurity companies detected hundreds of thousands of hacking attempts targeting Log4j deployments. The Apache Software Foundation, which oversees the development of Log4j, published a patch with a guide explaining how users can fix the vulnerability if downloading the patch is not possible. Cloudflare Inc. and other companies took action to protect customers from cyber attacks that target the tool.
In August, US President Joe Biden called cybersecurity a “critical national security challenge” in a meeting with executives from Amazon.com Inc., Google LLC, Microsoft Corp. and other leading companies. Participating companies promised to invest billions of dollars in cybersecurity initiatives over the next few years.
Key players in the open source software ecosystem are also taking steps to improve cybersecurity. In October, the Linux Foundation announced that it had raised $10 million from more than two dozen tech and other companies to support an initiative known as the Open Source Security Foundation Project. The initiative is a cross-industry collaboration that aims to improve the security of open source software.