At the end of last year, the flaw in Java's Log4J library shocked the cybersecurity world, as it was used by millions of criminals to break into systems across the planet and compromise their data. Given the open-source origin of the affected repository, debates about this type of software and its use in technology have intensified.
The Log4Shell flaw hit one of the most popular and widely used open-source Java repositories, and exploiting it only required sending a few lines of custom code to a connected computer. This allowed a range of malicious activities and led to a wide spread of attacks using it all over the world.
The fact that the affected library is open source raised various questions about the importance of this type of software in the global technology landscape. To clarify some of these doubts, Kenyannews interviewed Mike Hanley, Chief Executive of Security at GitHub, who attended a January White House meeting on open source software, the White House Summit. The event was also attended by companies such as Apple and Google.
The definition of open source and industry challenges
The conversation opened with Hanley defining what open source means today, in the context of the discussion that followed the Log4J flaw. For the executive, open source software has grown over a few decades to become an essential part of the industry’s infrastructure, being present in at least 99% of the world’s software, and flaws such as the one in the Java repository and the one that reached SolarWinds last year reinforce the need for companies like GitHub to support the developers of this code.
At the same time, Hanley notes that new challenges in the sector became evident once these flaws were exploited, pointing to the need to train developers from a wide variety of backgrounds in security: “Developers come from different backgrounds and we need to train them through sustainable mechanisms that serve both them and the communities of which they are a part”, explains the executive.
The executive also highlights the need for companies like GitHub to support open-source developers more broadly, to make the development process and the security checking of solutions easier.
Among the examples GitHub cited of such solutions was the company’s focus on helping to automatically build security measures into developers’ workflows, so that they can focus on programming without major worries and without losing their autonomy.
White House meeting set course for future of open-source security
The conversation also covered the cybersecurity-focused event hosted by the White House in late January, with Hanley explaining some of the steps big tech companies will take to support the open-source sector.
According to the executive, the event reinforced the importance of commitment and partnerships between the public and private technology sectors, citing as an example the OpenSSF, an initiative created by GitHub focused on improving the security of these applications. “An example of why this collaboration is so important is that each stakeholder can have a perspective on which issues are most critical. Through forums like the White House Summit and also through OpenSSF, we can work together towards consensus.”
Closing the conversation, the executive also highlighted that GitHub will continue to focus on investments to help developers and projects that live on and around GitHub remain safe.