



Recent cybersecurity threats such as Log4Shell have increased interest in public-private partnerships and other initiatives to protect open source software.

Leading US tech companies, including Google and GitHub, met at a White House summit yesterday (January 13) to discuss how to make the open source software space more secure in light of recent vulnerabilities.

New standards for open source software security, increased funding for developers in the space, and public-private partnerships to protect the ecosystem were some of the ideas that emerged at the summit on the future of open source development.

Recent cybersecurity threats with global impact, including the Log4Shell flaw that emerged last month, led the US government to host the summit.

However, security threats from open source software are not new. The Heartbleed bug revealed in 2014 was a serious flaw in the web encryption software OpenSSL and was one of the first major security threats in the field. At that time, it was thought that as many as 17 pc of secure web servers could be vulnerable.

Mike Hanley, chief security officer at GitHub, told Protocol following the White House summit that Log4Shell will not be the last threat open source software faces.

Google made a series of suggestions at the summit. These include a public-private partnership to identify a list of important open source projects, which would help prioritize and allocate resources.

“We have proposed to set up an organization that acts as a market for open source maintenance and collates volunteers from companies with the most important projects in need of support,” Kent Walker, Google’s president of global affairs and chief legal officer, wrote in a blog post.

Google’s readiness to provide resources for this effort was echoed by GitHub, which revealed plans to step up its game in open source software security in 2022, with a number of updated tools to help 73 million developers manage vulnerabilities.

“Developers don’t necessarily have to be security experts, and they don’t have to, so we’re focused on making it easier to write more secure code in a frictionless way,” Hanley wrote in a blog post.

In addition to the tools, GitHub said it provides developers with upskilling and training opportunities and is ready to find more funding through programs such as the GitHub Security Lab and GitHub Sponsors.

Robert Blumofe, chief technology officer at US cybersecurity company Akamai and one of the attendees of the summit, told Protocol that the summit shows the US government’s awareness of the importance of open source software in its own right.

“It would have been completely unthinkable for the government to take a very negative approach and say, ‘Well, we can’t trust open source,’ or consider open source as a scapegoat,” he added.

