(Bloomberg) -- White House officials are asking major software companies and developers to work with them to improve the security of open-source software, according to an administration official.
The invitation follows the disclosure of a vulnerability in popular open-source Apache software that cybersecurity officials have described as one of the most serious in recent memory.
In a letter Thursday, National Security Advisor Jake Sullivan invited major players in the software industry to discuss initiatives to improve open-source software security, the official said. Dozens of open-source software projects have become crucial components of global commerce and are mostly maintained by volunteers.
The effort will start with a one-day discussion in January hosted by Anne Neuberger, the deputy national security advisor for cyber and emerging technology, according to the official.
In the letter, Sullivan wrote that open-source software has accelerated the pace of innovation but that its broad use and maintenance by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability,” the official said.
Log4j is a piece of software that developers can put into applications to log anything from mundane operations to critical alerts. It is maintained by a group of volunteer programmers as part of the nonprofit Apache Software Foundation.
The flaw, which could allow a hacker to remotely take over a computer, was discovered last month by an employee at Alibaba Group Holding Ltd.’s cloud-security team.
©2021 Bloomberg L.P.