Government

White House to study open source software in critical infrastructure

The Biden administration is looking to understand just how widespread open-source software is in critical infrastructure.

By Christian Vasquez

August 9, 2024

(Getty Images)

LAS VEGAS — A year after asking the hacker community how they can better help protect the open source software that is the foundation of the digital economy, the White House is looking to better secure the ecosystem through a new office dedicated to studying such components in critical infrastructure.

The Office of the National Cyber Director released new details Friday on several projects aimed at securing open source software. The report comes a year after the office asked attendees at DEF CON in 2023 to contribute to a request for information around how to better focus on securing open source software.

The new office runs out of the Department of Homeland Security and will examine the prevalence of open source software present in critical infrastructure and how to secure it, said Nasreen Djouini, senior policy advisor at the Office of the National Cyber Director. The program will have the support of the Department of Energy’s national labs, including at Los Alamos and Lawrence Livermore.

Cyberattacks on open source software by both criminal hackers and nation-backed threats are an increasing concern, as the transparent development process has become a target for malicious activity. What’s more, open source software is largely voluntary, so resources for digital security can be minimal and dependent on the individual contributor or project.

Friday’s report also included a summation of comments submitted to ONCD about how to best secure open source software.

The comments included requests for better resource assistance to developers and maintainers of the software supply chain. Other comments advocated for switching to memory-safe languages like Rust. That’s a transition the Defense Advanced Research Projects Agency is trying to do autonomously.

The Biden administration has made securing open-source software a priority after the Log4J vulnerability exposed the security risks of the open-source ecosystem in 2021.

Experts note that years later vulnerable versions of the Log4J software version are still commonly found in the wild.

White House to study open source software in critical infrastructure

More Like This

Intel officials expect more foreign influence efforts leading up to Election Day

Cyber Command leader says budget powers are shaving time to complete tasks that once took years

White House publishes latest plan to protect a key component of the internet

Top Stories

Major Iranian IT vendor paying large ransom to resolve recent cyberattack

Russian, Kazakhstani men living in Miami indicted over cybercrime training service

More Scoops

Zero trust: How the ‘Jia Tan’ hack complicated open-source software

Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility

White House wants to boost cyber funds for fiscal 2026

Researchers uncover rare, difficult-to-exploit OpenSSH vulnerability

Congress needs to step in on cybersecurity harmonization, White House official says

Chinese hacking threat puts focus on protecting critical infrastructure, Biden adviser says

The missed opportunities in White House’s critical infrastructure directive

Latest Podcasts

Ted Schlein on the cybersecurity industry and the latest twist in the Trump-Iran hacking saga

Hack-and-leak op targets Trump; a technical deep dive with John Hammond on the CrowdStrike outage

A deep dive with Tim Starks on the Biden administration’s cybersecurity initiatives

Stay ahead of cyber threats with automated testing measures

Government

Technology

Threats

Geopolitics