Last week, Cisco’s Head of Open Source, Stephen Augustus, and I joined nearly 100 executives from 37 companies and leaders from the White House and across the U.S. federal government in Washington DC at the Open Source Software Security Summit II to finalize an action plan to boost the security of open source software (“OSS”). The development of this plan and its effective implementation are vital given how foundational OSS is to so many products and services we use every day to live, work, learn, and play.
Even so-called “proprietary technologies” often include sizeable blocks of open source code. This is beneficial from an economic standpoint, and potentially from a security perspective as well, because it doesn’t require the same capabilities to be developed over and over. Instead, new developers can build upon and remix what was done before them. Yet the many benefits of OSS for everything from government services to critical infrastructure carry accompanying risks. This shared resource requires shared investments of time and energy.
Recent security incidents involving flaws found in widely used open source code, such as the Log4j library, illustrate the problem. While many aspects of open source code development are unlocking new innovations and spurring creativity, there are shared components of dependency in which we have collectively and chronically underinvested as a society.
This summit, and a prior one hosted at the White House in January, led to the development of a 10-point action plan with three primary goals: 1) secure OSS production by focusing on preventing security defects and vulnerabilities in code and open source packages, 2) improve the process for vulnerability discovery and remediation, and 3) shorten the ecosystem patching response time for distributing and implementing fixes.
As a large consumer of and contributor to OSS, Cisco is already committing significant investments in time and resources to improve the security of widely used OSS projects. Cisco looks forward to joining peer companies in partnership with government to deliver on this plan.