Making Open-Source Software Safer

Open-source software brings unique value, and has unique security challenges, because of its breadth of use and the number of volunteers responsible for its ongoing security maintenance.

In the wake of the Log4Shell critical vulnerability, technology industry executives recently attended a White House cyber security meeting to discuss initiatives to improve open-source software security.

The meeting included officials from several federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security and the Department of Defense.
Private sector organisations participating included Akamai, Amazon, the Apache Software Foundation, Apple, Cloudflare, Meta, GitHub, Google, IBM, the Linux Foundation, the Open Source Security Foundation, Microsoft, Oracle, Red Hat and VMware.

Discussion focused on three topics:

  • The prevention of security defects and vulnerabilities in code and open-source packages. The parties discussed ideas to make it easier for developers to write secure code by integrating security features into development tools, and to secure the infrastructure used to build, store and distribute code.
  • Improving the process for finding defects and fixing them. Participants discussed how to prioritise the most important open-source projects and put in place sustainable mechanisms to maintain them.
  • Shortening the response time for distributing and implementing fixes. The White House statement said participants discussed ways to accelerate and improve the use of Software Bills of Materials (a list of the components in a piece of software), as required in President Biden's Executive Order, to make it easier to know what is in the software we purchase and use.

Following the meeting, Kent Walker, President of Global Affairs and Chief Legal Officer at Google and Alphabet, said that the use of open-source software is foundational to digital infrastructure. “Given the importance of digital infrastructure in our lives, it’s time to start thinking of it in the same way we do our physical infrastructure. Open-source software is a connective tissue for much of the online world; it deserves the same focus and funding we give to our roads and bridges,” he wrote.

Sources: White House, ZDNet, I-HLS, RCWireless, Business Telegraph
