After Log4j, open source software is now a national security issue

Over the years, developers of free, open source software have been telling anyone willing to listen that their projects need better financial support and more oversight. Now, after a series of disastrous events involving open source code, the federal government and Silicon Valley may finally be listening.

At a meeting at the White House on Thursday, executives from some of the tech industry’s biggest companies met with government officials to discuss the need to improve security in the open source community. The list of attendees included well-known companies such as Google, Facebook, Microsoft, Amazon, Oracle and Apple.

Open source software differs from proprietary software in that it is free, publicly inspectable, and can be used or modified by anyone. Because open source tools are so useful, large companies routinely build their products on top of them. Unfortunately, open source projects need oversight and funding to stay secure, and they don’t always get it. For years, open source developers have complained that their software needs better support from big tech companies and other institutional players, an issue that is finally getting some mainstream attention.

It’s not hard to see why the White House is holding a meeting now. Just over a month ago, a serious vulnerability was found in the popular open source Apache logging library Log4j. The library is used almost everywhere, and the flaw caused widespread panic across the tech industry as companies scrambled to patch systems and products that depended on it to function. (Officials from the Apache Software Foundation also attended Thursday’s meeting.)

Log4j isn’t the only recent open source disaster. Just last week, the creator of two widely used software tools bafflingly decided to disable them with a strange software update. Marak Squires, the man behind the popular JavaScript libraries faker and colors, deliberately sabotaged the packages and managed to break thousands of other software projects that depended on them to function.

In short: there’s clearly room for improvement, and thankfully the attendees of the recent White House meeting seem quite receptive. During the meeting, White House National Security Adviser Jake Sullivan reportedly referred to open source software as a “critical national security issue.” Likewise, Google’s president of global affairs and chief legal officer Kent Walker issued a statement in a company blog post on Thursday saying he would like to see better support for the open source community.

“For a long time, the software community has been comfortable with the assumption that open source software is generally safe because of its transparency and the assumption that ‘many eyes’ are watching to find and fix problems,” Walker said. “But the truth is, while some projects do have a lot of attention on them, others have little or none.”

In his statement, Walker further suggested increasing public and private support for open source projects, establishing security and testing baselines, and developing standards for identifying “critical” projects that are widely used (i.e., projects potentially similar to Log4j).

At this point, it’s not entirely clear what the rest of the government and the rest of Big Tech think about better open source security, but the fact that they’re talking about it seems like a good sign.
