Thu. Jan 27th, 2022

After Log4j, open-source software is now a national security issue

Photo: Dünzl/ullstein bild (Getty Images)

For years, developers of free, open-source software have been telling anyone who would listen that their projects need better financial support and more oversight. Now, after a series of damaging incidents involving open-source code, the federal government and Silicon Valley are finally listening.

At a meeting at the White House on Thursday, representatives of some of the largest companies in the technology sector met with administration officials to discuss the need for better security in the open-source community. The participants included big names such as Google, Facebook, Microsoft, Amazon, Oracle and Apple.

Unlike proprietary software, open-source software is free, publicly accessible, and can be used or modified by anyone. Because open-source tools are so useful, large corporations build on them constantly, and much of their own product code ends up depending on libraries they neither wrote nor fund. But open-source projects need oversight and funding to stay secure, and they don’t always get it. For years, open-source developers have complained that their software needs better support from Big Tech and other institutional actors, a problem that is finally attracting mainstream attention.

It’s not hard to see why the White House convened the meeting now. Just over a month ago, a critical vulnerability (CVE-2021-44228, widely known as Log4Shell) was found in Log4j, the popular open-source Apache logging library; it allowed remote code execution on affected systems. Because the library is used by almost everyone in the technology industry, the disclosure set off a scramble as companies rushed to find and patch every system and product that depends on it. (Officials from the Apache Software Foundation were also present at Thursday’s meeting.)

Log4j is not the only recent open-source disaster. Last week, the maintainer of two widely used software packages deliberately broke them with a series of bizarre updates. Marak Squires, the developer behind the popular JavaScript libraries faker and colors, published sabotaged versions that corrupted the packages’ behavior and broke thousands of other software projects that automatically pulled in the new releases because they depend on those libraries.

In short, there is clearly room for improvement, and, fortunately, the participants in the White House meeting seem to agree. At the meeting, White House National Security Adviser Jake Sullivan explicitly called open-source software a “key national security issue.” Similarly, Kent Walker, Google’s President of Global Affairs and Chief Legal Officer, published a statement on the company’s blog on Thursday arguing for better support for the open-source community.

“For a long time, the software community has been relieved to find that open-source software is generally secure because of its transparency and the expectation that ‘many eyes’ are looking to identify and solve problems,” Walker said. “But in reality, some projects have a lot of eyes on them, while others have few or none.”

In his statement, Walker further proposed increasing public and private support for open-source projects, establishing a security and testing baseline, and developing a rubric to identify “critical” projects, the widely used kind, like Log4j, whose failure affects everyone downstream.

It is unclear at this point what will come of the meeting. But the fact that they’re talking about it at all seems like a good sign.
