Last week, Cisco's Head of Open Source, Stephen Augustus, and I joined nearly 100 executives from 37 companies and leaders from the White House and across the U.S. federal government in Washington DC at the Open Source Software Security Summit II to finalize an action plan to boost the security of open source software ("OSS"). The development of this plan and its effective implementation are essential given how foundational OSS is to so many products and services we use every day to live, work, learn, and play.
Even so-called "proprietary technologies" often include sizeable blocks of open source code. This is beneficial from an economic standpoint, and potentially from a security perspective as well, because it does not require the same capabilities to be developed over and over. Instead, new developers can build upon and remix what was done before them. Yet the many benefits of OSS for everything from government services to critical infrastructure carry accompanying risks. This shared resource requires shared investments of time and energy.
Recent security incidents involving flaws found in widely used open source code, such as the Log4j library, illustrate the problem. While many aspects of open source code development are unlocking new innovations and spurring creativity, there are shared elements of dependency in which we have collectively and chronically underinvested as a society.
This summit, and a prior one hosted at the White House in January, led to the development of a 10-point action plan with three primary goals: 1) secure OSS production by focusing on preventing security defects and vulnerabilities in code and open source packages, 2) improve the process for vulnerability discovery and remediation, and 3) shorten the ecosystem patching response time for distributing and implementing fixes.
As a significant consumer of and contributor to OSS, Cisco is already committing significant investments of time and resources to improve the security of widely used OSS projects. Cisco looks forward to joining peer companies in partnership with government to deliver on this plan.