U.S. government, technology community advance open source security collaboration efforts

By GovFresh · January 14, 2022

In the wake of the Log4j vulnerability, the White House met with technology companies and organizations to discuss how the federal government and industry can better partner on open source security.

Prior to the White House Open Source Software Security Summit, a senior administration official told CyberScoop, “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements.”

According to CyberScoop, the full tech participant list included Akamai, Amazon, Apache Software Foundation, Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, Linux Open Source Foundation, Microsoft, Oracle, RedHat and VMware.

U.S. Commerce Secretary Gina Raimondo said the National Institute of Standards and Technology is working to gather ideas from technology and open source communities on how best to work together.

“NIST intends to soon release a Request for Information asking stakeholders – people like you – how it can improve its cybersecurity efforts,” said Raimondo. “This will help ensure that NIST is partnering effectively with both the private and public sectors on cybersecurity, including open-source software.”

Companies and organizations released statements expressing their commitment to collaborating with government to build stronger communities related to open source security.

OpenSSF / Linux Foundation:

The open source ecosystem will need to work together to further cybersecurity research, training, analysis and remediation of defects found in critical open source software projects. These plans were met with positive feedback and a growing, collective commitment to take meaningful action. Following the recent log4j crisis, the time has never been more pressing for public and private collaboration to ensure that open source software components and the software supply chains they flow through demonstrate the highest cybersecurity integrity.

GitHub:

We see tremendous opportunity ahead to help the community realize a safer and more secure future for software. Through partnerships with governments, academia, developers, and other organizations, we can better protect and support the developers and software that power our world.

Google:

Many leading companies and organizations don’t recognize how many parts of their critical infrastructure depend on open source. That’s why it’s essential that we see more public and private investment in keeping that ecosystem healthy and secure. … Given the importance of digital infrastructure in our lives, it’s time to start thinking of it in the same way we do our physical infrastructure. Open source software is a connective tissue for much of the online world — it deserves the same focus and funding we give to our roads and bridges.
