Making Open-Source Software Safer

Uploaded on 2022-01-25 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Open-source software brings unique value, and has unique security challenges, because of its breadth of use and the number of volunteers responsible for its ongoing security maintenance.

In the wake of the Log4Shell critical vulnerability, technology industry executives have recently attended a White House cyber security meeting to discuss initiatives to improve open-source software security .

The meeting included officials from different federal agencies including Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security and the Department of Defense.
Private sector organisations participating in included Akamai, Amazon, Apache Software Foundation, Apple, Cloudflare, Meta, GitHub, Google, IBM, the Linux Foundation, the Open Source Security Foundation, Microsoft, Oracle, RedHat, and VMWare.

Discussion focused on three topics:

  • The prevention of security defects and vulnerabilities in code and open source packages. The parties discussed ideas to make it easier for developers to write secure code by integrating security features into development tools and securing the infrastructure used to build, warehouse and distribute code. 
  • Improving the process for finding defects and fixing them. Participants discussed how to prioritise the most important open-source projects and put in place sustainable mechanisms to maintain them. 
  • Shortening of the response time for distributing and implementing fixes. The White House statement said participants discussed ways to accelerate and improve the use of Software Bills of Material (a list of components in a piece of software), as required in the President Biden's Executive Order, to make it easier to know what is in the software we purchase and use.

Following the meeting, Kent Walker, Google president Global Affairs & chief legal officer Google & Alphabet, said that the use of open-source software is foundational to digital infrastructure. “Given the importance of digital infrastructure in our lives, it’s time to start thinking of it in the same way we do our physical infrastructure. Open-source software is a connective tissue for much of the online world, it deserves the same focus and funding we give to our roads and bridges,” he wrote.

White House:    ZDNet:    I-HLS:      RCWireless:     Business Telegraph

You Might Also Read: 

Corporate Cyber Attacks Up 50% Last Year:

 

« SAAS Malware Used To Attack Crypto Wallets
Auto-Redirects: A Harmful Detour »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

Radiant Logic

Radiant Logic

Radiant Logic is a market-leading provider of federated identity solutions based on virtualization, and delivers simple, logical, and standards-based access to all identities within an organization.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

IABG

IABG

IABG offer independent, product-neutral consulting as well as technical and scientific services for the use of safety-relevant systems and technologies.

Cyber Craft

Cyber Craft

CyberCraft is an innovative and dynamic software development, outsourcing and consulting company. Services offered include penetration testing.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.

Jitterbit

Jitterbit

Jitterbit integrates critical business processes and enables application development to deliver the experiences and insights needed by enterprises of all sizes to accelerate their digital journey.

System Two Security

System Two Security

System Two Security automates detection engineering and threat hunting.