White House meets tech companies to discuss open source software security

News General United States 14 JAN 2022
White House meets tech companies to discuss open source software security

The US government has held a meeting with major technology companies to discuss improving cybersecurity. The White House said the meeting focused on open-source software and how to make the widely used software more secure by design and to more quickly detect and remedy any faults. 

The meeting follows the detection of a serious vulnerability in the Apache Log4J software in December. The security hole known as Log4Shell affected thousands of applications around the world, opening up a relatively simple path for unauthorised access by hackers. 

The Apache Software Foundation was among the participants at the meeting, along with Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, the Linux Foundation, the Open Source Security Foundation, Microsoft, Oracle, RedHat and VMWare. Representatives of several federal bodies also joined, including the national cyber director, the departments of defense, commerce, energy and homeland security, the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the National Science Foundation.

The discussion focused on three topics: preventing security defects and vulnerabilities in code and open source packages, improving the process for finding defects and fixing them, and shortening the response time for distributing and implementing fixes. In the first category, participants discussed ideas to make it easier for developers to write secure code by integrating security features into development tools and securing the infrastructure used to build, warehouse and distribute code, like using techniques such as code signing and stronger digital identities. In the second category, participants discussed how to prioritize the most important open source projects and put in place sustainable mechanisms to maintain them. In the final category, participants discussed ways to accelerate and improve the use of Software Bills of Material, as required in an executive order from the US president, to make it easier to know what is in the software purchased and used.

The White House said the discussions between the private sector and government will continue in the coming weeks in support of the initiatives, and the talks are open to all interested public and private stakeholders.  

Categories:

General

Companies:

AppleMicrosoftGoogleOracleVMwareCloudflareIBMMeta

Countries:

United States

Tags:

Security, IT - applications, Government policy, Market research

Related Articles

UNITED STATES 14 MRT 2023

CISA establishes ransomware vulnerability warning pilot programme

The US government's Cybersecurity and Infrastructure Security Agency (CISA) announced the establishment of the Ransomware Vulnerability Warning Pilot (RVWP) as authorised by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Through the RVWP, CISA will determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities with those vulnerabilities, enabling mitigation before a ransomware incident occurs.

GLOBAL 14 SEP 2022

Linux Foundation to develop open-source engine for interoperable digital wallets

The Linux Foundation will be forming a new foundation focused on supporting interoperability for digital wallets. The OpenWallet Foundation (OWF) will be a collaborative effort to develop open source software for a wide range of wallet use cases. The multi-purpose open source engine will be open to anyone who wants to build interoperable wallets.

UNITED STATES 25 JUL 2022

Cisco, Fortinet join White House summit on cybersecurity training

Cisco announced a commitment to train an additional 200,000 students in the US over the next three years to help address the shortage of IT security workers in the country. The announcement was made at the White House Cyber Workforce and Education Summit in Washington, where Fortinet also pledged support for training. 

GLOBAL 7 JUL 2022

Apple unveils Lockdown mode against mercenary spyware

Apple has detailed two initiatives to help protect users who may be personally targeted by some of the most sophisticated digital threats, such as those from private companies developing state-sponsored mercenary spyware. Coming this fall, Lockdown will be an optional protection for people with iOS 16, iPadOS 16, and macOS Ventura. Apple also shared details about the USD 10 million cyber-security grant it announced in November 2021 to support civil society organisations that conduct mercenary spyware threat

GLOBAL 7 JUN 2022

Meta apppoints first chief information officer

Meta, the owner of Facebook, has created a new position, that of VP for chief information security officer (CISO), Reuters reported. Guy Rosen, who has been at Facebook since 2013, will take on the new role, he announced on Twitter. He was most recently led the company's product safety and integrity efforts. In his new role, Rosen said he will continue to oversee safety and security risks.

UNITED STATES 25 MRT 2022

Comcast makes xGitGuard tool available as open source software

Comcast has made the xGitGuard tool available as open source software. The tool was developed by Comcast to protect authentication secrets from being uploaded inadvertently to GitHub. It has been used internally at Comcast since 2020 by a range of teams including software development and product security.

GLOBAL 18 MRT 2022

Google, VMware introduce Google Cloud VMware Engine

Google Cloud and VMware have expanded their existing partnership, letting customers use VMware Cloud Universal in order to access Google Cloud VMware Engine. The companies said the deal will make it easier for companies to modernize apps and move to the cloud.

UNITED STATES 15 MRT 2022

US to require key infrastructure operators to report cyberattacks within 72 hours

The US is set to approve a new law requiring quicker disclosure of potential cybersecurity incidents. Approved by the House and Senate in the past week as part of larger funding bills, the legislation only requires President Joe Biden's signature before taking effect. 

UNITED STATES 28 FEB 2022

NTIA awards USD 277 mln in grants to expand broadband infrastructure

The US Department of Commerce's National Telecommunications and Information Administration (NTIA) announced it has awarded 13 grants as part of the Broadband Infrastructure Program. These grants, totaling more than USD 277 million, will be used to connect more than 133,000 unserved households. 

GLOBAL 25 FEB 2022

VMware Q4 revenues advance 7% to USD 3.5 billion on demand for multi-cloud services

VMware said revenues for the fourth quarter reached USD 3.53 billion, up 7 percent from the year before's sharply higher results. Subscription and SaaS and license revenue increased 1 percent from the year before to USD 1.90 billion. The operating profit meanwhile fell 22 percent to USD 783 million, with the adjusted operating profit flat at USD 1.14 billion.

GLOBAL 24 FEB 2022

Cloudflare boosts email safety with acquisition of Area 1 Security

Cloudflare has agreed to buy Area 1 Security, a US cybersecurity firm headquartered in California's San Mateo, for USD 162 million in cash and shares. The company supplies pay-for-performance email security services. The preemtive system works with any email offering and will boost Cloudflare's one-click approach to secure all business applications, including cloud and email.

UNITED STATES 19 JAN 2022

Bandwidth welcomes Bottorff to board of directors

US-based communications software company Bandwidth has appointed Rebecca Bottorff, its longtime chief people officer, to its board of directors. The appointment is effective immediately and expands Bandwidth's board to six members, four of whom are independent.

GLOBAL 12 NOV 2021

US signs up to Paris Call for Trust and Security in Cyberspace initiative

The US has signed up for the Paris Call for Trust and Security in Cyberspace initiative, launched by French President Emmanuel Macro in late 2018. The non-binding declaration on common principles aims to preserve an open, secure and peaceful cyberspace. The White House said the US support for the declaration shows the administration's "priority to renew and strengthen America's engagement with the international community on cyber issues."

UNITED STATES 26 AUG 2021

Google, Microsoft, Apple back US govt push for more cybersecurity awareness

The White House has confirmed a meeting between President Joe Biden and major corporate leaders to discuss ways to improve cybersecurity in the US. The summit resulted in several measures announced by Apple, Google, Microsoft and Amazon to improve security in the tech industry. 

UNITED STATES 10 JUN 2021

Biden revokes TikTok ban, issues new order on blocking malicious foreign software

US President Joe Biden has revoked three executive orders issued by his predecessor that sought to ban the use of TikTok, WeChat and eight other Chinese applications in the US due to security concerns. Biden issued a new order aimed at defining better the legal criteria the government can use to exclude malicious foreign software that may pose a security threat. 

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.