White House Enlists Software Industry To Improve Open-Source Security

White House officials are asking major software companies and developers to work with them to improve the security of open-source software, according to an administration official. From a report: The invitation follows the disclosure of a vulnerability in popular open-source Apache software that cybersecurity officials have described as one of the most serious in recent memory. In a letter Thursday, National Security Advisor Jake Sullivan invited major players in the software industry to discuss initiatives to improve open-source software security, the official said. Dozens of open-source software projects have become crucial components of global commerce and are mostly maintained by volunteers. The effort will start with a one-day discussion in January hosted by Anne Neuberger, the deputy national security advisor for cyber and emerging technology, according to the official. In the letter, Sullivan wrote that open-source software has accelerated the pace of innovation but pointed out that the fact that it is broadly used and maintained by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability,” the official said.