Biden administration to meet with major tech companies on Thursday over national security issues in software

By Sean Lyngaas, CNN

Biden administration officials will meet with key software developers and big tech companies such as Apple and Google on Thursday to discuss ways to make open source code more secure, following the disclosure last month of a critical vulnerability that, according to U.S. officials, could have affected hundreds of millions of devices around the world.

The virtual meeting, which will be attended by officials from the White House, the Department of Defense, the Department of Homeland Security and other departments and agencies, will focus on “what worked and what can be done about it” and on how government and industry can work together to secure open source software, “which we all fundamentally rely on,” a senior administration official told reporters.

The guest list includes executives from Amazon, Facebook parent company Meta, IBM and Microsoft, among others, as well as the open source software organizations the Linux Foundation and the Apache Software Foundation, according to the White House. Open source software is publicly available code that anyone on the Internet can inspect, modify and contribute to collaboratively.

Analysts say the latter two nonprofits are crucial in addressing the issue, as countless software products sold by the world’s biggest tech companies rely on open source code.

The Apache Software Foundation, which is run by volunteers, manages Log4j, an extremely popular logging library that organizations use to record what their Java applications are doing. Public disclosure of an easy-to-exploit bug in Log4j in December set off a race between hackers trying to break into vulnerable systems and businesses and government agencies trying to plug the hole.

To date, the impact of the vulnerability has not been as severe as some feared. U.S. officials say there is no evidence federal agencies were breached using the Log4j flaw. But officials also warn that it could be months before they know the full extent of the bug’s impact, given the software’s widespread use.

In a briefing with reporters on Monday, Jen Easterly, head of DHS’s Cybersecurity and Infrastructure Security Agency, called the 2017 hack of credit reporting agency Equifax a warning.

The breach, which compromised the data of about 145 million U.S. consumers, was not made public until September 2017, but it was carried out using a flaw in open source software (the Apache Struts web framework) that had been disclosed in March of the same year, months before Equifax patched it. The Justice Department charged four members of China’s military in 2020 with carrying out the hack to steal trade secrets and for espionage purposes.

The Federal Trade Commission warned US businesses in a press release this month to address the Log4j vulnerability in order to “reduce the likelihood of harm to consumers and avoid FTC lawsuits.” The agency cited the 2017 Equifax breach, after which the credit reporting agency paid about $700 million to settle lawsuits brought by the FTC and US states.

“As a company, we need to fund critical open source projects [that] technology vendors rely on and that make us all vulnerable when vulnerabilities are discovered,” said Chris Wysopal, a former member of an influential hacker collective that warned Congress about Internet vulnerabilities in 1998.

“I hope the White House has invited members of the Apache group or other prominent open source maintainers so that they can hear about the struggles of these volunteer teams and the resources they could use more of,” Wysopal, who is now chief technology officer at cybersecurity company Veracode, told CNN.

™ & © 2022 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.