Log4j: White House asks companies to improve the security of open source software


The White House in January 2014, under the snow. Photo: The White House / Wikimedia Commons / CC0 – public domain

The National Security Advisor to the President of the United States, Jake Sullivan, wrote to key representatives of software companies on December 23 to discuss improving the security of open source software, reports Bloomberg.

Software vendors and cloud providers invited

The first step will be a one-day discussion, in January, hosted by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies.

In his letter, Bloomberg says, Sullivan writes that open source software has increased the pace of innovation, but he also points out that it is widely used and maintained by volunteers, “a combination that poses a key security question, as we experience with the Log4j vulnerability”. This excerpt from Sullivan’s letter to CEOs of open source companies was released by the US presidency to reporters, CNN said.

Software development companies and cloud service providers are invited, but a spokesperson for the National Security Council declined to answer a question about the names of the companies invited.

Emergency

As ZDNet wrote on December 21 regarding the crisis opened up by the vulnerability discovered in Log4j, “Efforts are currently being made by the Apache Foundation to correct the basic Log4j project, as well as by IBM, Cisco, Oracle, VMware and others to fix products containing vulnerable versions of the Log4j component. Google has also released tools to prevent developers from using vulnerable versions of Log4j in new versions of free software. Finally, the US government has ordered all federal agencies to patch or mitigate Log4Shell before Christmas.”

On December 17, the Cybersecurity and Infrastructure Security Agency (CISA), a US government agency, issued an “emergency directive” ordering federal civilian agencies to update their computer systems.
