White House meets with top software executives to talk security

The White House and tech executives are working to boost open-source software security.


Top executives from some of the world’s largest tech companies met with White House officials Thursday to discuss ways to boost the security of the open-source software behind everything from consumer gadgets to massive industrial systems.

The White House said that those who participated, which included representatives from the likes of Apple, Google and Microsoft, had a “substantive and constructive” discussion. It added that talks will continue over the coming weeks.

The meeting came in the wake of last month’s discovery of Log4j, a massive security flaw in the popular open-source Java-logging library Apache Log4j. If left unpatched or otherwise unfixed, the bug could be exploited by cyber attackers, posing risks for huge swaths of the internet.

Thursday’s discussion focused on how to prevent security vulnerabilities in open-source software, as well as how to improve the process for finding and fixing bugs and how to speed up the patching process, the White House said.

Executives who attended the meeting called it valuable and pledged to work with the government to boost open-source software security.

“All types of software face threats from cybercriminals and malicious actors, and in many ways open source software, with its inherent transparency, can be more secure than proprietary software,” Jamie Thomas, general manager for strategy and development for IBM Systems, said in a statement after attending the event.

Kent Walker, president for global affairs and chief legal officer for Google and Alphabet, said that given its importance, it’s time to start thinking about digital infrastructure the same way we do our physical infrastructure.

“Open source software is a connective tissue for much of the online world — it deserves the same focus and funding we give to our roads and bridges,” Walker said in a statement after the event. 

Red Hat, one of the largest open-source software companies, sent a trio of executives to the meeting and released a statement afterwards calling on both open-source and proprietary software makers to maintain greater visibility into their software, take responsibility for its life cycle and make security data publicly available.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, has said that the sheer scope of Log4j, which affects tens of millions of internet-connected devices, makes it the most serious she’s seen in her career.

As of Monday, no federal agencies had been compromised as a result of the bug and no major cyberattacks had been reported in the US. Most of the attempts to exploit the bug, so far, have been focused on low-level crypto mining or attempts to draw devices into botnets, according to Easterly.

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger and National Cyber Director Chris Inglis were the top White House officials in attendance Thursday, while several other federal agencies including the Department of Homeland Security, CISA and the Department of Defense also attended.

Other tech companies participating included Akamai, Apache Software Foundation, Cloudflare, Meta, GitHub, the Linux Foundation, the Open Source Security Foundation, Oracle, Red Hat and VMware.
