Top executives from some of the world’s largest tech companies met with White House officials Thursday to discuss ways to boost the security of the open-source software behind everything from consumer gadgets to massive industrial systems.
The White House said that the participants, who included representatives from the likes of Apple, Google and Microsoft, had a “substantive and constructive” discussion, and that discussions will continue in the coming weeks.
The meeting came in the wake of last month’s discovery of a massive security flaw in Apache Log4j, the popular open-source Java logging library. Cyberattackers can exploit the bug on any system where it has not been fixed or patched, which poses huge risks to large swathes of the internet.
Thursday’s discussion focused on how to prevent security vulnerabilities in open-source software, as well as how to improve the process for finding and fixing bugs and how to speed up the patching process, the White House said.
Executives who attended the meeting called it valuable and pledged to work with the government to boost open-source software security.
“All types of software face threats from cybercriminals and malicious actors, and in many ways open source software, with its inherent transparency, can be more secure than proprietary software,” Jamie Thomas, general manager for strategy and development for IBM Systems, said in a statement after attending the event.
Kent Walker, president for global affairs and chief legal officer for Google and Alphabet, said that given its importance, it’s time to start thinking about digital infrastructure the same way we do our physical infrastructure.
“Open source software is a connective tissue for much of the online world — it deserves the same focus and funding we give to our roads and bridges,” Walker said in a statement after the event.
Red Hat, one of the largest open-source software companies, sent a trio of executives to the meeting and released a statement afterward calling on both open-source and proprietary software makers to maintain greater visibility into their software, take responsibility for its life cycle and make security data publicly available.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, has said that the sheer scope of the Log4j issue, which affects tens of millions of internet-connected devices, makes it the most serious she’s seen in her career.
As of Monday, no federal agencies had been compromised as a result of the bug and no major cyberattacks had been reported in the US. So far, most of the attempts to exploit the bug have been focused on low-level crypto mining or on drawing devices into botnets, according to Easterly.
The top White House officials in attendance Thursday were Chris Inglis, national cyber director, and Anne Neuberger, the deputy national security advis