After Log4J, White House worries about the next big open source flaw

The White House is holding a meeting today with Apache, Google, Apple, Amazon and other major tech organizations to discuss software security and open source tools in the wake of the Log4J vulnerability, which has sent shockwaves around the world since it was discovered in December.

White House National Security Advisor Jake Sullivan asked for the meeting in December, noting in a letter to the companies that it was a “national security concern” for foundational open source software to be maintained by volunteers. 

The meeting, led by White House cybersecurity leader Anne Neuberger, will include officials from companies like IBM, Microsoft Corp, Meta, Linux and Oracle, as well as government agencies like CISA, the Commerce Department and the Defense Department.

Chris Inglis, National Cyber Director, said on Thursday that the situation around Log4J “has highlighted the need to improve our software security and the transparency of our software supply chain.” 

“Enjoying the discussion with White House National Security Council and leading open source project managers about how to bring coherence to federal efforts to increase software resilience,” Inglis said. 

The Apache Software Foundation, which manages Log4J and is run by volunteers, released a bevy of documents ahead of the meeting explaining their stance and their

Read More: https://www.zdnet.com/article/after-log4j-white-house-worries-about-the-next-big-open-source-flaw/#ftag=RSSbaffb68