The Log4Shell case is causing a stir. At the beginning of December, a major flaw was discovered in the open source logging tool Log4j. Many web services were affected, including iCloud, Twitter, Steam and Minecraft. Following these events, the White House organized a meeting yesterday to discuss the case. Major web and tech companies were present, including Google, Facebook, Amazon and Apple. The security of open source projects was discussed, and Google is asking the government to get involved.
Google published a blog post in which it calls for better collaboration between the government and the private sector. Although the company regularly injects funds into open source (through donations to associations, a commitment to cybersecurity), it regrets that the security of many important projects is neglected:
For too long, the software community has held fast to the belief that free software is generally safe because of its transparency and the assumption that “many eyes” are there to find and fix problems. But in fact, while some projects do have many eyes, others have few or none at all.
Google observes that there is no official allocation or formal standard for maintaining the security of certain pieces of critical code used in important public infrastructure. Fixes and maintenance work are done ad hoc and on a voluntary basis, even as increasingly massive projects are built on open source. “Free software is the connecting fabric of much of the online world. It deserves the same attention and funding we give to our roads and bridges,” explains the company.
Google therefore asks that a public-private partnership be created to better monitor open source projects. It considers new security and maintenance standards necessary so that flaws can be classified in order of importance. The aim would also be to allocate resources to the most essential projects and to anticipate problems in the long term. “Today’s meeting at the White House was both an acknowledgment of this challenge and an important first step in meeting it,” concludes the company.