Apple will be among several U.S. tech giants to attend a meeting at the White House today to discuss cybersecurity and possible security threats posed by open-source software, Reuters reports.
The meeting will be held by U.S. National Security Advisor Jake Sullivan and will focus on "concerns around the security of open-source software and how it can be improved." The meeting was prompted by concerns around a security vulnerability found in open-source software Log4j.
The vulnerability, which posed a threat to organizations that use Log4j around the world, allowed hackers to control a system and remotely execute malicious code.
According to Sullivan, open-source software such as Log4j presents a "key national security concern" as it is often used and maintained by volunteers. Google, IBM, Meta, Microsoft, and Oracle are also expected to attend the meeting.
Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Top Rated Comments
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look at. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
It's not simple.
Dependency ('https://xkcd.com/2347/')
I am almost certain that there have been more security faults in proprietary systems than well maintained open source projects, because the drive behind open source is a more idealistic than the industries “quick to market / milk them all”
With that being said, especially when it comes to web development and the package repositories I see there, I am more doubtful and careful with using and relying on them. I feel it often moves too fast and the community has a different background than e.g. hardcore Linux developers.