
ID: 224024

URL: https://www.zdnet.com/article/log4j-after-white-house-meeting-google-calls-for-list-of-critical-open-source-projects/

Date: 2022-01-13

Log4j: Google and IBM call for list of critical open source projects

After attending a meeting at the White House, Google also proposed creating an organization to serve as a marketplace for open source maintenance.

Google and IBM are urging tech organizations to join forces to identify critical open source projects after attending a White House meeting on open source security concerns.

The meeting, led by White House cybersecurity leader Anne Neuberger, included officials from organizations like Apache, Google, Apple, Amazon, IBM, Microsoft, Meta, Linux, and Oracle as well as government agencies like the Department of Defense and the Cybersecurity and Infrastructure Security Agency (CISA). The meeting took place as organizations continue to address the Log4j vulnerability that has caused concern since it was discovered in December.

Kent Walker, president of global affairs at Google and Alphabet, said that, given the importance of digital infrastructure to the world, it is time to start thinking of it in the same way we do our physical infrastructure.

"Open source software is a connective tissue for much of the online world -- it deserves the same focus and funding we give to our roads and bridges," Walker said. In a blog post, Walker explained that during the meeting, Google floated several proposals for how to move forward in the wake of the Log4j vulnerability.

Walker said a public-private partnership is needed to identify a list of critical open source projects, and criticality should be determined based on the influence and importance of a project. The list will help organizations prioritize and allocate resources for the most essential security assessments and improvements.

IBM's enterprise security executive Jamie Thomas echoed Walker's comments and said the White House meeting "made clear that government and industry can work together to improve security practices for open source."

"We can start by encouraging widespread adoption of open and sensible security standards, identifying critical open source assets that should meet the most rigorous security requirements, and promoting a collaborative national effort to expand skills training and education in open source security and reward developers who make important strides in the field," Thomas said.

Walker touted the work of organizations like the OpenSSF -- which Google invested $100 million into -- that are already seeking to create standards like this.

He also said Google proposed setting up an organization to serve as a marketplace for open source maintenance, matching volunteers from companies with the critical projects that most need support. He noted that Google was "ready to contribute resources" to the move.

The blog post notes that there is no official resource allocation and few formal requirements or standards for maintaining the security of critical open source code. Most of the work to maintain and enhance the security of open source, including fixing known vulnerabilities, "is done on an ad hoc, volunteer basis."

"For too long, the software community has taken comfort in the assumption that open source software is generally secure due to its transparency and the assumption that 'many eyes' were watching to detect and resolve problems. But in fact, while some projects do have many eyes on them, others have few or none at all," Walker said.

Joe Brockmeier, the Apache Software Foundation's vice president of marketing, said in a statement that there is no single "silver bullet" to solving the security issues inherent to the open source supply chain. He added that "the path forward will require upstream collaboration by the companies and organizations that consume and ship open source software."

Tech giant Akamai, which also had representatives at the White House meeting, backed many of the measures suggested by Google and IBM, adding that governments and the technology community need to build reliable containment plans for when exploits are identified, improve cross-government and industry information sharing when vulnerabilities are first identified and expand government authorization of solutions to increase defenses.

Boaz Gelbord, Akamai chief security officer, told ZDNet that a key takeaway from the meeting was the collective recognition that more needs to be done to support the open source community to thrive within the ever-evolving threat landscape.

"As a prominent supporter of open source and open standards, Akamai sees a specific need for increased information sharing, strong vulnerability management, and building out containment plans to contain the blast radius of attacks," Gelbord said. "We look forward to expanding our efforts in the open source community and contributing to the important next steps coming out of this White House meeting."