Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders.
Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites.
“Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting.
The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout.
It’s the latest of several Biden White House summits on cybersecurity. The open-source software security session stems from an invitation from national security adviser Jake Sullivan, and will be hosted by the National Security Council’s Anne Neuberger, a deputy adviser.
“Open source software has accelerated the pace of innovation and has driven tremendous societal and economic benefits, but the fact that it is broadly used and maintained by volunteers is a combination that is a key national security concern, as we are experiencing with the log4j vulnerability,” the senior official said.
“This problem is not new,” the official continued. “At this meeting, together we will discuss existing efforts to address it, what has worked and what else can be done to secure the open source software that we all fundamentally rely on.”
The full tech participant list includes Akamai, Amazon, Apache Software Foundation, Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, Linux Open Source Foundation, Microsoft, Oracle, Red Hat and VMware.
Feds attending include representatives from the departments of Commerce, Defense, Energy and Homeland Security, as well as agencies like the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, the National Science Foundation, the Office of the National Cyber Director and the Office of Science and Technology Policy.