Open-Source Software Now Considered A Potential National Security Threat After Log4j Crisis

Open-source software was one of the main agenda items at a recent White House meeting, where the potential national security risks it poses were discussed in light of the recent Log4j attacks.


The meeting brought together executives from several Big Tech companies, including Facebook, Microsoft, Google, Amazon, and Apple, among others, and several officials of the Biden administration, according to Gizmodo.

Open-source programs and their code (which can be used or edited by anybody) are now under scrutiny over their apparent lack of official oversight. This links back to the recent Log4j attacks, which saw multiple companies beef up their cybersecurity measures to protect against hackers who might be using the website logging framework.

For the uninitiated, Log4j is classified as open-source. Big Tech basically advised the White House that this kind of software should now be under close watch, as it could pose a potential threat to national security.

Kent Walker, who serves as the President of Global Affairs and Chief Legal Officer of Google, stated that open-source programs are no longer that secure, which is the direct opposite of how the public has viewed them over the years.

Originally, open-source code was seen as secure because it is transparent, with "many eyes" watching it to detect, analyze, and solve any problems. But Walker argues that while some projects are indeed closely monitored, others barely have anyone or anything overseeing them.


National security advisor Jake Sullivan agrees. He described open-source security as a critical national security issue, in a report by The Verge detailing the meeting between the White House and Big Tech.

This news comes after the Biden administration called for the improvement of the United States' cybersecurity infrastructure back in August of last year. In the meeting, Google and Microsoft pledged a massive $30 billion in funding to help in the efforts.

Is Open-Source Software Really THAT Dangerous?

In the wrong yet capable hands, open-source programs can do far more damage than you think. This is actually why numerous developers of these programs have clamored for official regulation for years.

There are multiple risks posed by this kind of software, according to Infocyte. First and foremost is the overall transparency of the code. Almost everything about these programs is public knowledge, even their security vulnerabilities.


Anybody with ill intent (and the programming skills to boot) could easily look up the software, exploit these vulnerabilities, and do almost anything they want. They can even choose to breach digital infrastructure that runs critical sectors such as healthcare, finance, and even national defense.

This is already evident in recent news. A developer named Marak Squires was recently suspended after he allegedly corrupted GitHub and npm open-source libraries. Squires, who is a relative nobody, basically proved that almost anyone out there can tamper with the software and cause widespread digital havoc.


This article is owned by Tech Times

Written by RJ Pierce

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.