
After Log4j, Open-Source Software Now a National Security Issue

Written by publisher team


For years, developers of free open source software have been telling anyone who will listen that their projects need better financial help and more oversight. Now, after a number of disastrous incidents involving open source code, perhaps the federal government and Silicon Valley are finally listening.

At a meeting at the White House on Thursday, executives from some of the technology sector’s biggest companies met with administration officials to discuss the need to improve security in the open source community. The list of attendees included big names such as Google, Facebook, Microsoft, Amazon, Oracle, and Apple, among others.

Unlike proprietary software, open source software is free, publicly inspectable, and can be used or modified by anyone. Because of how useful open source tools are, they are often used by major companies for development purposes. But, unfortunately, open source projects need oversight and funding to stay safe – and they don’t always get it. For years, open source developers have complained that their software needs better support from Big Tech and other institutional actors – an issue that has finally gained some mainstream attention.

It’s not hard to see why the White House is holding its meeting now. A month or so ago, a nasty bug was found in the popular open source Apache logging library log4j. The troubled software, used by nearly everyone, led to widespread panic across the tech industry, as companies scrambled to fix the systems and products that rely on the library to function. (Officials from Apache Software were also present at Thursday’s meeting.)

Log4j is not the only open source disaster that has occurred recently. Just last week, the creator of two widely used software tools inexplicably decided to disable them via a number of strange software updates. Marak Squires, the man behind the popular JavaScript libraries faker and colors, strangely blew up the software and managed to take down thousands of other software projects that relied on it to function.

In short: there is clearly room for improvement and, fortunately, those present at the recent White House meeting seem to some extent amenable to it. At the meeting, White House National Security Adviser Jake Sullivan apparently described open source software as a “key national security issue.” Likewise, Google’s Head of Global Affairs and Chief Legal Officer Kent Walker published a statement on the company’s blog on Thursday arguing that he wants to see better support for the open source community.

“For too long, the software community has been comfortable in assuming that open source software is generally secure because of its transparency and assuming that ‘many eyes’ were watching to discover and solve problems,” Walker said. “But in reality, while some projects have a lot of eyes on them, others have little or none at all.”

In his statement, Walker further suggests increasing public and private support for open source projects, establishing security and testing baselines, and developing an evaluation model to identify “significant” projects – the kind that get a lot of use (e.g., perhaps something like log4j).

What the government and the big tech companies have in mind to improve open source security isn’t entirely clear at this point, but the fact that they’re talking about it seems like a good sign.
