White House National Security Advisor Jake Sullivan has invited major tech firms to discuss ways that the cybersecurity of open-source software can be improved, Bloomberg reported on Thursday.
According to Bloomberg, the tech firms include “major software companies and developers.” Cloud providers are also reportedly among the invited companies.
Anne Neuberger, deputy national security advisor for cyber and emerging technology, will reportedly host a one-day discussion in January with representatives of the invited tech companies. The discussion will involve “company officials responsible for open-source projects and security,” according to Reuters.
The White House’s invitation to tech companies comes a few weeks after the discovery of a critical vulnerability in Log4j, a widely used open-source tool. In a letter to the invited tech firms, Sullivan reportedly stated that the popularity of open-source software projects and the fact that they’re maintained by volunteers is a “combination that is a key national security concern, as we are experiencing with the Log4j vulnerability.”
A real problem is that due to rabid insistence by hard-core FOSS advocates who are usually tenured at a university and thus have a good salary, open source maintainers are not really allowed to make any money, whilst uptake and complexity of their software has grown massively, making it an uphill slog maintaining the software for no remuneration whatsoever.