Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, and other relevant government officials received a plan that major technology companies agreed to fund and support, for the purpose of securing the open source software that underpins their products.
“The Linux Foundation and the Open Source Software Security Foundation (OpenSSF) brought together more than 90 executives from 37 companies and government leaders representing the Office of the National Cyber Director (ONCD), the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), the Department of Energy (DOE) and the Office of Management and Budget (OMB) to reach consensus on key actions to take to improve the resiliency and security of open source software,” reads a press release issued Friday.
The Linux Foundation and the Open Source Software Security Foundation it hosts have published a whitepaper describing the complete plan. A summary provided in the press release indicates the areas that require attention before, during and after the software development process.
For the production of secure open source software, for example, the plan highlights the need to move away from languages that are not memory-safe. Such languages, which the summary cites as including Cobol and C, may be faster and more efficient, but they are more prone to certain classes of vulnerability.
The plan would also involve identifying and auditing critical libraries and standing up incident response capacity as needed, supported by tooling such as a standardized software bill of materials (SBOM).
According to the statement, the plan “provides an investment of approximately $150 million over two years to advance well-vetted solutions. . . The 10 investment streams come with concrete action steps for faster innovation and to build a foundation forged for a more secure future.”
“A subset of participating organizations have come together to collectively pledge an initial tranche of funding towards implementation of the plan,” it added. “These companies are Amazon, Ericsson, Google, Intel, Microsoft and VMWare, pledging more than $30 million. As the plan evolves further, additional funding will be identified, and work will begin as individual streams are agreed upon.”
Debates that have been brewing for years about who is responsible for what in a secure software development process, and how to shape the incentives properly, are now boiling over.
Pursuant to Executive Order 14028, the National Institute of Standards and Technology has published and updated a number of new guidance documents for agencies and other enterprise consumers to protect their software supply chains. The broader supply chain, including the suppliers that produce core information and communications technology, is also on the agenda.
At a hearing before the House Science Committee on Wednesday, Brian Behlendorf, general manager of the Open Source Security Foundation, testified about the importance of securing the open source libraries that underpin Internet routing, and about how the community that maintains open source software should prioritize where it concentrates its attention.