White House to host tech companies to discuss improving open-source software security amid Log4j vulnerability
On Thursday, the White House is hosting leading tech companies, along with a number of relevant government agencies, to discuss ways to improve the security of open source software libraries, with senior administration officials calling it a “key national security concern”.
Representatives from Akamai, Amazon, Apache Software Foundation, Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, Linux Open Source Foundation, Microsoft, Oracle, Red Hat and VMware will meet with Biden administration officials.
They will discuss how new public-private collaboration could “bring about rapid improvements” in security.
Joining the business leaders at the White House will be senior executives and senior open source software experts from leading agencies, including the Departments of Commerce and Homeland Security, the Pentagon, the Cybersecurity and Infrastructure Security Agency, the Department of Energy and more.
Anne Neuberger, deputy national security adviser for cyber and emerging technologies, is expected to moderate the meeting.
The meeting is intended to focus on President Biden’s executive order on cybersecurity, a senior administration official told Fox Business. This order emphasized software security and sparked a series of efforts across the US government and within the private sector.
The official said the administration is planning “additional discussions” with unrepresented businesses and other organizations. Last month, the White House invited major software vendors and developers to discuss initiatives to improve open source security.
“Open source software has accelerated the pace of innovation and generated enormous societal and economic benefits, but the fact that it is widely used and maintained by volunteers is a combination that is of major national security concern, as we are experiencing with the log4j vulnerability,” a senior administration official said.
“Software security is critical to our national and economic security,” the official continued, noting that recent incidents, including the SolarWinds hack, serve as “recent reminders that strategic adversaries are actively exploiting vulnerabilities for malicious purposes.”
Last month, officials discovered a vulnerability in software known as “Log4j”, which they say presents “an urgent challenge to network defenders given its wide use”.
The Log4j flaw allows Internet-based attackers to easily take control of everything from industrial control systems to web servers and consumer electronics. Just identifying which systems are using the utility is a challenge; it is often hidden under layers of other software.
The relevant software, written in the Java programming language, records user activity. Developed and maintained by a handful of volunteers under the auspices of the open source Apache Software Foundation, it is very popular with commercial software developers. It runs on many platforms — Windows, Linux, Apple’s macOS — powering everything from webcams to car navigation systems and medical devices, according to security firm Bitdefender.
CISA officials said the vulnerability poses “a serious risk” and urged private sector organizations to work with the federal government to take action.
The Associated Press contributed to this report.