Making Open-Source Software Safer

Open-source software brings unique value, and has unique security challenges, because of its breadth of use and the number of volunteers responsible for its ongoing security maintenance.

In the wake of the Log4Shell critical vulnerability, technology industry executives have recently attended a White House cyber security meeting to discuss initiatives to improve open-source software security .

The meeting included officials from different federal agencies including Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security and the Department of Defense.
Private sector organisations participating in included Akamai, Amazon, Apache Software Foundation, Apple, Cloudflare, Meta, GitHub, Google, IBM, the Linux Foundation, the Open Source Security Foundation, Microsoft, Oracle, RedHat, and VMWare.

Discussion focused on three topics:

  • The prevention of security defects and vulnerabilities in code and open source packages. The parties discussed ideas to make it easier for developers to write secure code by integrating security features into development tools and securing the infrastructure used to build, warehouse and distribute code. 
  • Improving the process for finding defects and fixing them. Participants discussed how to prioritise the most important open-source projects and put in place sustainable mechanisms to maintain them. 
  • Shortening of the response time for distributing and implementing fixes. The White House statement said participants discussed ways to accelerate and improve the use of Software Bills of Material (a list of components in a piece of software), as required in the President Biden's Executive Order, to make it easier to know what is in the software we purchase and use.

Following the meeting, Kent Walker, Google president Global Affairs & chief legal officer Google & Alphabet, said that the use of open-source software is foundational to digital infrastructure. “Given the importance of digital infrastructure in our lives, it’s time to start thinking of it in the same way we do our physical infrastructure. Open-source software is a connective tissue for much of the online world, it deserves the same focus and funding we give to our roads and bridges,” he wrote.

White House:    ZDNet:    I-HLS:      RCWireless:     Business Telegraph

You Might Also Read: 

Corporate Cyber Attacks Up 50% Last Year:

 

« SAAS Malware Used To Attack Crypto Wallets
Auto-Redirects: A Harmful Detour »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Armor

Armor

Armor provide managed cloud security solutions for public, private, hybrid or on-premise cloud environments.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

SevenShift

SevenShift

SevenShift is a security consulting firm with a wealth of experience in the worlds of Cybersecurity and Internet of Things (IoT).

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

Invest Ottawa

Invest Ottawa

The IO Accelerator Program is designed to rapidly and systematically accelerate the development and commercial success of high growth technology firms.

M12

M12

M12 (formerly Microsoft Ventures) is the corporate venture capital subsidiary of Microsoft.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

Noerr

Noerr

Noerr is one of the top European law firms with 500 professionals in Germany, Europe and the USA. We provide solutions to complex and sophisticated legal matters including cyber risks.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

Atlas VPN

Atlas VPN

Atlas VPN is a highly secure freemium VPN service with a goal to make safe and open internet accessible for everyone.

Action Fraud

Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cyber crime where you should report fraud if you have been scammed, defrauded or experienced cyber crime.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

Xcelerate Solutions

Xcelerate Solutions

Xcelerate Solutions is a leading defense and national security company, providing integrated solutions in three service areas – Enterprise Security, Digital Transformation, and Strategic Consulting.