Log4J impels White House to discuss software security with global tech cos
With Log4J flaw continuing to wreak havoc among IT industries globally, the White House said that it will be meeting the leaders of global technology companies Google, Apple and Amazon today to discuss software security, citing a surge in cyber attacks in last one year, according to a Reuters’ report.
A critical vulnerability called Log4Shell, was detected last month in widely used open-source logging software Apache Log4J, which has been exploited by attackers to target organisations all over the world, including India.
Also read: ‘Log4j flaw can potentially affect 3 out of 10 websites across globe’
The National Security Advisor for the White House, Jake Sullivan, had sent a letter to the leaders of technology companies after Log4J had put global IT firms at the risk of hacks.
On December 23 2021, Sullivan wrote to representatives of software companies to discuss the security of open-source software, according to a Bloomberg report.
The letter requested for a one-day discussion in January, hosted by the Deputy National Security Advisor for Cyber and Emerging Technologies, Anne Neuberger.
It further said that open source software, which is maintained, updated and used by the public and volunteers was a “key national security concern”.
The meeting is expected to discuss how the security of open-source software can be improved.
Apart from Google, Amazon and Apple, other companies which may take part in the meeting include IBM, Meta, Microsoft and Oracle, among others.
The government departments in attendance will be the Deparment of Homeland security, Department of Defense and the Commerce Department.
Also read: New Log4J flaw puts 41% of Indian corporates at risk of hacks
A Microsoft report on December 11, last year, said that the flaw could be exploited by hackers to steal large amounts of credential data.
Another December analysis by Cybersecurity Company CheckPoint estimated that 41% of corporate networks in India had faced an attempted exploit.