Is Open Source Ready For Biden’s Executive Order On Cybersecurity?
According to a report by Contrast Security (and there are many such reports), the US-based companies are experiencing 10-12 cyber attacks a year, keeping their security teams at the edge. Last month, attackers almost shut down the whole East Coast by holding a major U.S. gas pipeline hostage to their ransomware.
As our reliance on software increases, our adversaries won’t need conventional warfare, they can break havoc by shutting down grids, gas supply and even food production and distribution.
Responding to the increasing threat of cyberwarfare, the Biden administration released an Executive Order for more transparency in the tech that powers our infrastructure. The good news is that the world is quickly moving towards open-source technologies. If not everything, most things run on some kind of open-source technology. While open source can be relatively more secure than proprietary technologies, depending on the community around a particular project, it’s not immune to bugs and hostile actors. That is why companies must keep a close eye on their open-source software supply chain. They should know what code-base they are using and where it is coming from.
The Linux Foundation has done an incredible job with many projects under its umbrella including the Software Package Data Exchange (SPDX) that helps track software bills of material. We hosted David A. Wheeler, Director of Open Source Supply Chain Security at The Linux Foundation, to talk more about the impact of this executive order on the industry and how well prepared Linux Foundation communities are to help organizations keep their software stack and our infrastructure safe.
by TFiR
linux foundation
