Tech execs met with officials from the White House to discuss how to reduce cyber threats and improve cybersecurity recognition and troubleshooting tools.
The White House met with officials from the tech industry last month to discuss ways to improve the cybersecurity of open source frameworks and applications, alongside initiatives to accelerate software improvements.
As more of America’s infrastructure is brought online, the US government has become more involved in the cybersecurity standards and measures of the private sector.
At the event, tech executives from Akamai, Amazon, Apache Software Foundation, Apple, Cloudflare, Facebook/Meta, GitHub, Google, IBM, the Linux Foundation, the Open Source Security Foundation, Microsoft, Oracle, Red Hat and VMware were present.
Three key discussions took place during the event: preventing security defects in open source packages, improving the tools built for spotting these issues and shortening the response time needed for fixes.
One suggestion for improving security was to integrate additional security features into the development tools used by many of the organizations present. Automatic flagging tools and AI could keep developers from making the human errors that lead to vulnerabilities.
Another way to prevent security defects brought up in the discussion was securing the infrastructure used to build and distribute code, through code signing, which confirms the author and validates that the code has not been tampered with, and through stronger digital identities.
To improve the tools for spotting security defects, participants suggested that more clarity should be given to the importance of open source projects and adequate resources should be provided to push improvements to prioritized projects.
Open source projects should also be maintained in a sustainable way, through the use of well-funded organizations that can handle large-scale, critical open source packages.
The final discussion point has already been addressed as part of the President’s executive order to accelerate and improve the use of Software Bills of Materials. Participants agreed that the industry should provide further clarity as to what is in the software purchased and used.
The meeting was called by White House national security adviser Jake Sullivan, in response to the Log4j vulnerability, which was identified by the Alibaba Cloud Security Team in December 2021. Cybersecurity company Tenable called it “the most critical vulnerability of the last decade.”
The meeting is part of President Biden’s commitment to improving cybersecurity, set out in an executive order which he signed in May 2021. Further discussions are planned to follow up on the topics brought up at the meeting, alongside other events hosted by the White House on cybersecurity.
Speaking on the meeting, Sullivan said: “It was an incredibly constructive discussion about ways that the public sector and the private sector can work effectively together to ensure that public sector systems are more robust and resilient and private sector systems are more robust and resilient. I’ll leave it at that. And we will try to develop, along with the participants in that meeting, an agreed readout so that we’re not betraying any confidences.”