White House to discuss software development with tech executives, calling it ‘key national security concern’


The January discussion between tech executives and White House officials is needed because open-source software is widely used but is maintained by volunteers, making it “a key national security concern,” Sullivan said in a letter to tech firms, excerpts of which the White House shared with reporters.

Invitees include software development firms and cloud service providers, according to the White House. A National Security Council spokesperson declined to say which companies had been invited.

The letter follows the discovery this month of a vulnerability in software known as Log4j that organizations around the world use to log data in their applications.

Ransomware gangs and hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit the flaw as tech firms and government agencies have raced to apply software patches.

The US Cybersecurity and Infrastructure Security Agency, which has said that hundreds of millions of devices could be exposed to the vulnerability, issued an “emergency directive” on December 17 ordering federal civilian agencies to update their systems.

An agency spokesperson told CNN on Thursday that there is no indication that any agency has been hacked using the vulnerability in Log4j.

While no US agencies have confirmed a breach via the vulnerability, the Belgian Defense Ministry told local media outlets this week that it had shut down parts of its computer network in response to a hack using the flaw.

Cybersecurity executives have called the vulnerability one of the most critical software bugs in years and warned that it could take weeks or months to fully assess the impact.

While the world’s richest companies rely on it, the Log4j software is maintained by a group of volunteers at the nonprofit Apache Software Foundation, who have worked long hours to address the flaw.

The vulnerability in Log4j “will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent,” said Amit Yoran, the CEO of the Maryland-based security firm Tenable.

It’s precisely that dearth of investment in critical software that the White House wants to address.

President Joe Biden in May…
