Underscores need for visibility, containment, and information sharing; advocates increased industry support to drive open source software security
- Government and industry should prioritize investments in tools and technologies that can help increase visibility of use of open source, optimally through automated tools.
- Supports strong private-public ownership and vulnerability management for designated critical open source libraries.
- Calls for improvement of information sharing across government, industry, and business.
Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s most trusted solution to power and protect digital experiences, today participated in the White House Open Source Software Security Summit and released the following statement:
Akamai was pleased to participate in the White House Open Source Software Security Summit today, and appreciated the opportunity to share our perspective and recommendations on this important topic. Improving the security of open source software is vital, as it is critical to the internet ecosystem. However, the ability to quickly contain the impact of a vulnerability once it is discovered is equally significant. This meeting was particularly timely, given the recent Log4j vulnerability detection. We applaud the administration’s proactive leadership to tackle this important issue, which, if left unchecked, can have far-reaching negative impacts for both the government and the private sector.
Akamai asserts that businesses must invest time and resources into open source software to ensure continued innovation and security. Akamai has a long history of working with the open source community and contributing to open standards. This includes work with the Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C), Internet Security Research Group (ISRG), OpenSSL, and the Linux Kernel. We are evaluating how we can expand those commitments this year.
Akamai advocates for the following five pillars through continued partnership with our customers — many of which are leaders in their respective industries — and in collaboration with the White House, National Security Council, and broader technology community:
- Increase visibility into reliance on open source technologies — many companies don’t fully know the open source code that lives in their environments. Only by gaining visibility into the network and its code stack can we reliably address security flaws when they occur. Log4j was a black swan event, but serves as a potent reminder that the government and private sector need to prioritize investments into tools and technologies.
- Identify key open source libraries and support strong ownership and vulnerability management — threat actors comb open source libraries to find vulnerabilities like Log4j. The technology community must provide support — via active participation in projects and financial investment — to the open source communities we depend on.
- Build reliable containment plans for when exploits are identified — we are never going to eliminate vulnerabilities, so it’s essential we have effective containment policies in place to help protect businesses and consumers. We can accomplish this via actionable reporting processes and supporting technology solutions.
- Improve cross-government and industry information sharing when vulnerabilities are first identified — the more eyes that we can get on a problem, the quicker the problem can be fixed. By building an information-sharing community of trusted security providers, we can ensure that vulnerabilities are addressed and that patches reach wide distribution faster.
- Expand government authorization of solutions to increase defenses — adversaries evolve quickly, and the government needs to be agile to ensure its defenses can protect important government systems and key infrastructure. In some instances, an emergency authorization of technology from trusted providers would enable fast implementation of solutions not yet FedRAMP certified to quickly enable protection against new threats.
Akamai powers and protects life online. The most innovative companies worldwide choose Akamai to secure and deliver their digital experiences — helping billions of people live, work, and play every day. With the world’s largest and most trusted edge platform, Akamai keeps apps, code, and experiences closer to users — and threats farther away. Learn more about Akamai’s security, content delivery, and edge compute products and services at www.akamai.com, blogs.akamai.com, or follow Akamai Technologies on Twitter and LinkedIn.