The January discussion between technical executives and White House officials is necessary because open source software is widely used but is maintained by volunteers, making it “a major national security concern,” Sullivan said in a letter to technology companies, extracts of which the White House shared with journalists.
Guests include software development companies and cloud service providers, according to the White House. A spokesperson for the National Security Council declined to say which companies were invited.
The letter follows the discovery this month of a vulnerability in software known as Log4j that organizations around the world use to store data in their applications.
A spokesperson for the agency told CNN on Thursday that there is no indication that an agency was hacked using the Log4j vulnerability.
Although no U.S. agency has confirmed a breach via the vulnerability, the Belgian Defense Ministry told local media this week that it had shut down parts of its computer network in response to a hack using the vulnerability.
Cybersecurity officials have called the vulnerability one of the most critical software bugs in years and warned that it could take weeks or months to fully assess the impact.
While the world’s richest companies depend on it, the Log4j software is maintained by a group of volunteers from the nonprofit Apache Software Foundation, who worked long hours to correct the flaw.
The Log4j vulnerability “will define IT as we know it, separating those who go out of their way to protect themselves and those who feel comfortable being careless,” said Amit Yoran, CEO of the security company Tenable, based in Maryland.
It is precisely this shortage of investment in critical software that the White House wants to remedy.
President Joe Biden issued an executive order in May requiring government-purchased software to meet a minimum set of security standards. The goal is to use the purchasing power of the federal government to trigger increased demand for secure software development in the private sector as well.
Sullivan’s new letter is not the first time the Biden administration has used the White House bully pulpit to lobby tech companies to take action on pressing cybersecurity issues.