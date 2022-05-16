

Tech giants pledge $30M to boost open source software security

Carly Page

Tech giants including Amazon, Google and Microsoft have pledged millions of dollars to bolster the security of open source software.

The pledge was made during a meeting in Washington DC last week, which saw open source leaders, headed up by the Linux Foundation and the Open Source Software Security Foundation (OpenSSF), share their plans for enhancing the security of the software supply chain.

The industry gathering, which was attended by government leaders and over 90 executives from 37 companies, is a follow-up to the historic White House summit in January convened in the wake of the Log4Shell zero-day vulnerability. The flaw affected Apache’s Log4j library, a ubiquitous piece of logging software, putting millions of devices worldwide at risk. But according to a study from March, almost a third of instances remain unpatched.

During last week’s meeting, companies including Amazon, Ericsson, Google, Intel, Microsoft, and VMware pledged a collective $30 million to fund a 10-point plan that aims to boost the security of open source software. Designed by the Linux Foundation and OpenSSF, the first-of-its-kind initiative aims to secure the production of open source code, improve vulnerability detection and remediation, and shorten patching response time. This will include the creation of a software bill of materials, known as an SBOM, allowing companies to gain visibility of the software that they are using in their tech stack.

The so-called Software Supply Chain Security Mobilization Plan also calls for security education for everyone working in the open source community, the elimination of non-memory-safe programming languages like C++ and COBOL, and annual third-party code reviews of 200 of the most critical open source software components.

The ultimate goal is to find and fix vulnerabilities like Log4Shell faster in an effort to better protect the U.S. from malicious cyberattacks that exploit insecure software platforms and devices.

“What we are doing here together is converging a set of ideas and principles of what is broken out there and what we can do to fix it,” said Brian Behlendorf, executive director of OpenSSF. “The plan we have put together represents the 10 flags in the ground as the base for getting started. We are eager to get further input and commitments that move us from plan to action.”

Google Cloud also announced during the summit that it would launch an open source maintenance crew, a team of dedicated engineers that will work with upstream maintainers in order to boost the security of various open source projects.
