According to a White House official, the White House is asking big software businesses and developers to collaborate with it to improve the security of open source software.
The invitation comes after cybersecurity experts labeled a vulnerability in popular open-source Apache software as one of the most dangerous in recent memory.
National Security Advisor Jake Sullivan encouraged important stakeholders in the software industry to discuss steps to strengthen open source software security in a letter sent out Thursday, according to an official. Hundreds of open source software projects, most of which are maintained by volunteers, have become critical components of global business.
According to the official, the endeavour will kick off in January with a one-day conversation hosted by Anne Neuberger, the deputy national security advisor for cyber and emerging technology.
Sullivan stated in the letter that open source software has boosted innovation, but that the fact that it is widely used and maintained by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability,” according to the official.
Log4j is a piece of software that allows developers to log everything from routine operations to crucial warnings in their applications. It is maintained by a group of volunteer programmers as part of the Apache Software Foundation, a non-profit organisation.
The hole, identified last month by an employee of Alibaba Group Holdings, might allow a hacker to remotely take control of a machine.