Vogon Today

Selected News from the Galaxy

StartMag

Log4j, the White House questions Apple, Amazon and Google on security


The White House met with executives from Apple, Amazon, Google, Meta, IBM and others to discuss software security following multiple attacks on the United States that exploited open source software.

Apple, Google, Amazon, Facebook and other tech giants were called to Washington to explore security threats from open source software dependencies.

Yesterday, executives of major US technology companies attended a White House meeting on cybersecurity. It was first reported by Reuters. The meeting comes as a result of multiple attacks on the United States that have exploited open source software.

In December, White House National Security Advisor Jake Sullivan sent a letter to CEOs of tech companies after the discovery of a security vulnerability in open source software called Log4j.

The flaw in Log4j is a zero-day vulnerability (CVE-2021-44228) that first emerged on December 9. The bug leaves Java software used by millions of web servers vulnerable to attack, and teams around the world are trying to fix affected systems before hackers can exploit them.

In the letter, Sullivan noted that such open source software is widely used and therefore represents a "key national security concern".

As Reuters notes, cybersecurity is a top priority for the Biden administration after several major cyber attacks last year.

All the details.

THE MEETING AT THE WHITE HOUSE

At the center of the January 13 meeting, hosted by Deputy National Security Advisor for Information and Emerging Technology Anne Neuberger, were concerns about the security of open source software and how it can be improved, the White House said in a statement.

COMPANIES THAT PARTICIPATED

In addition to Apple, Google and Amazon, the other technology companies present at the meeting were IBM, Microsoft and Meta Platforms, which owns Facebook.

The Apache Software Foundation, the owner and maintainer of the Log4j library, and Oracle, the owner of the Java software platform on which the Log4j library runs, also took part in the summit. GitHub and the Linux Open Source Foundation were also represented, according to The Verge.

TOGETHER WITH FEDERAL AGENCIES

In addition to representatives of the technology industry, government agencies were also present, including the Department of Homeland Security, the Department of Defense and the Department of Commerce. Other agencies included the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology, and the National Science Foundation, according to Cyberscoop.

AFTER SOLARWINDS, THE FEARS ABOUT THE FLAW IN LOG4J

The discovery of the vulnerability in the open source software Log4j therefore made the meeting urgent.

This discussion also comes after incidents including the 2021 SolarWinds hack that gained access to government emails and phones. It also follows the breach of the US Treasury Department in 2020.

In May 2021, well before Log4j's vulnerability was discovered, President Biden issued an executive order on improving US cybersecurity. Among other things, the order required federal government agencies to strengthen their software supply chains "guaranteeing and attesting, to the extent possible, the integrity and provenance of open source software."


This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/log4j-la-casa-bianca-interroga-apple-amazon-e-google-sulla-sicurezza/ on Fri, 14 Jan 2022 10:42:05 +0000.