The White House is hosting major tech companies, along with several relevant government agencies, on Thursday to discuss ways to improve security for open-source software libraries, with senior administration officials calling it a “major national security concern.”
Meeting with Biden administration officials will be representatives of Akamai, Amazon, the Apache Software Foundation, Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, the Linux Open Source Foundation, Microsoft, Oracle, Red Hat and VMware.
They will discuss how the new private-public collaboration can “rapidly improve” security.
Joining business leaders at the White House will be senior open-source software experts from key agencies including the Departments of Commerce and Homeland Security, the Pentagon, the Cybersecurity and Infrastructure Security Agency, the Department of Energy, and more.
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, is expected to host the meeting.
A senior administration official told Fox Business that the purpose of the meeting is to focus on President Biden’s executive order on cybersecurity. That order focused on software security and led to a variety of efforts within the US government and private sector.
The official said the administration expects “additional discussions” with companies and other organizations that are not represented. The White House invited major software companies and developers last month to discuss initiatives to improve open-source security.
“Open-source software has accelerated the pace of innovation and garnered tremendous social and economic benefits, but the fact that it is widely used and maintained by volunteers remains a major national security concern. The combination is, as we are experiencing with log4j, the vulnerability,” said a senior administration official.
“Software security is essential to our national and economic security,” the official continued, noting that recent incidents, including the SolarWinds hack, “serve as a recent reminder that strategic adversaries are actively pursuing malicious purposes. Take advantage of weaknesses.”
Last month, officials discovered a vulnerability in the software called “Log4j,” which they said presented “an immediate challenge to network defenders of its widespread use.”
The Log4j flaw allows Internet-based attackers to easily take control of everything from industrial control systems to web servers and consumer electronics. Identifying just which systems use the utility is a challenge; it is often hidden under layers of other software.
The affected software, written in the Java programming language, logs user activity. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is highly popular with commercial software developers. According to security firm Bitdefender, it runs on multiple platforms — Windows, Linux, Apple’s macOS — powering everything from webcams to car navigation systems and medical devices.
CISA officials said the vulnerability is “a serious risk” and urged private sector organizations to work with the federal government to take action.
The Associated Press contributed to this report.