White House to discuss software development with tech executives, calling it ‘key national security concern’
The January discussion between tech executives and White House officials is needed because open-source software is widely used but is maintained by volunteers, making it “a key national security concern,” Sullivan said in a letter to tech firms, excerpts of which the White House shared with reporters.
Invitees include software development firms and cloud service providers, according to the White House. A National Security Council spokesperson declined to say which companies had been invited.
The letter follows the discovery this month of a vulnerability in software known as Log4j that organizations around the world use to log data in their applications.
An agency spokesperson told Fintech Zoom on Thursday that there is no indication that any agency has been hacked using the vulnerability in Log4j.
While no US agencies have confirmed a breach via the vulnerability, the Belgian Defense Ministry told local media outlets this week that it had shut down parts of its computer network in response to a hack using the flaw.
Cybersecurity executives have called the vulnerability one of the most critical software bugs in years and warned that it could take weeks or months to fully assess the impact.
While the world’s richest companies rely on it, the Log4j software is maintained by a group of volunteers at the nonprofit Apache Software Foundation, who have worked long hours to address the flaw.
The vulnerability in Log4j “will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent,” said Amit Yoran, the CEO of the Maryland-based security firm Tenable.
It’s precisely that dearth of investment in critical software that the White House wants to address.
President Joe Biden in May issued an executive order that requires software the government buys to meet a minimum set of security standards. The goal is to use the federal government’s buying power to trigger more demand for secure software development in the private sector, too.
The new letter from Sullivan is not the first time that the Biden administration has used the bully pulpit of the White House to prod tech firms into taking action on pressing cybersecurity issues.