Over the years, developers of free, open source software have been telling anyone willing to listen that their projects need better financial support and more oversight. Now, after a series of disastrous events involving open source code, the federal government and Silicon Valley may finally be listening.
At a meeting at the White House on Thursday, executives from some of the tech industry’s biggest companies met with government officials to discuss the need to improve security in the open source community. The list of attendees includes well-known companies such as Google, Facebook, Microsoft, Amazon, Oracle and Apple.
Open source software differs from proprietary software in that it is free, publicly inspectable, and can be used or modified by anyone. Since open source tools are so useful, large companies often use them for development purposes. But unfortunately, open source projects need oversight and funding to stay safe — and they don’t always get it. For years, open-source developers have complained that their software needs better support from big tech companies and other institutional players — an issue that is finally getting some mainstream attention.
It’s not hard to see why the White House is holding a meeting now. Just over a month ago, a harmful bug was found in the popular open source Apache logging library log4j. The program in question is used almost everywhere, and the discovery caused widespread panic across the tech industry as companies scrambled to patch systems and products that depended on the library. (Officials from the Apache Software Foundation also attended Thursday’s meeting.)
In short: there’s clearly room for improvement, and thankfully, attendees of the recent White House meeting seem quite receptive. During the meeting, White House National Security Adviser Jack Sullivan apparently referred to open source software as a “critical national security issue.” Likewise, Kent Walker, Google’s president of global affairs and chief legal officer, issued a statement in a company blog post on Thursday, saying he would like to see better support for the open source community.
“For a long time, the software community has been comfortable with the assumption that open source software is generally safe because of its transparency and the assumption that ‘many eyes’ are watching to find and fix problems,” Walker said. “But the truth is, while some projects do have a lot of attention on them, others have little or none.”
In his statement, Walker further suggested increasing public and private support for open source projects, establishing security and testing baselines, and developing standards for identifying “critical” projects that are widely used (i.e., potentially similar to log4j).
At this point, it’s not entirely clear what the rest of the government and the rest of Big Tech think about better open source security, but the fact that they’re talking about it seems like a good sign.