White House enlists software industry to improve open-source security

WASHINGTON (BLOOMBERG) - White House officials are asking major software companies and developers to work with them to improve the security of open-source software, according to an administration official.

The invitation follows the disclosure of a vulnerability in popular open-source Apache software that cybersecurity officials have described as one of the most serious in recent memory.

In a letter Thursday (Dec 23), National Security Advisor Jake Sullivan invited major players in the software industry to discuss initiatives to improve open-source software security, the official said.

Dozens of open-source software projects have become crucial components of global commerce and are mostly maintained by volunteers.

The effort will start with a one-day discussion in January hosted by Ms Anne Neuberger, the deputy national security adviser for cyber and emerging technology, according to the official.

In the letter, Mr Sullivan wrote that open-source software has accelerated the pace of innovation but pointed out that the fact that it is broadly used and maintained by volunteers is a "combination that is a key national security concern, as we are experiencing with the Log4j vulnerability," the official said.

Log4j is a piece of software that developers can put into applications to log anything from mundane operations to critical alerts. It is maintained by a group of volunteer programmers as part of the nonprofit Apache Software Foundation.

The flaw, which could allow a hacker to remotely take over a computer, was discovered last month by an employee at Alibaba Group Holding's.