In the wake of the Log4j vulnerability, the White House sent a letter to major software companies and developers in January to discuss ways to improve digital security in the cloud, pulling together participants for what they called an “Open Source Software Security Summit”. In the invitation, White House National Security Advisor Jake Sullivan noted that it was a “national security concern” for foundational open-source software to be maintained by volunteers.
Open-source software is foundational to the Internet, but there are some unique challenges posed when everything’s in the open and when many projects are run by volunteers. With so much at stake, how can we bolster the security of important open-source projects?
On Mar. 29, 2022 at 14:00 UTC / 11 AM Eastern Time, we held a discussion on how the Internet’s infrastructure providers work together with open source projects to identify the challenges inherent in securing open-source software, and how we can best make the Internet a safer place.
This discussion was moderated by James Galvin of Donuts, Inc., and featured the following leaders in the space:
Aila Power is the VP of Product Development at cPanel. Since her first IT role back in the 90s, she has introduced the benefits of Open Source and Free software to various organizations and encouraged their active participation in project communities. Along with her passion for technology and knowledge sharing, much of her free time is spent writing, attempting to learn musical instruments, and enjoying life with friends.
Since 2013, Jeff Osborn has been President of the Internet Systems Consortium, where he has managed to build a sustainable technical support business, which supports the ongoing maintenance of open source used in critical Internet infrastructure. ISC also operates one of the 13 DNS root nameservers of the Internet. Jeff serves on the Root Server System Advisory Committee (RSSAC) at ICANN, and is active with IETF, NANOG, RIPE NCC, and APNIC.
Jeff has worked in the internet arena since 1984. He was an early employee at the first commercial ISP, UUNET, and had a crucial role in its rapid growth. Jeff was involved in several other Internet-related enterprises and spent several years as an angel investor, advisor, and board member.
Brian Behlendorf is the General Manager of the Open Source Security Foundation, hosted by the Linux Foundation. Prior to taking this role in October 2021, Brian served as the General Manager for Blockchain, Healthcare, and Identity for the LF, which included heading the Hyperledger Foundation (since 2016) as well as Linux Foundation Public Health. Previously he has served as Chief Technology Officer for the World Economic Forum, co-founded Organic (one of the first web design consultancies) and CollabNet (like Github, but 2-3 generations too early). In his Chief Engineer role at Wired Magazine‘s nascent web property “Hotwired”, he put the first ad banner online in 1994, and co-founded the Apache Web Server Project in 1995, and has been apologizing for both ever since. Brian also worked as an advisor to the Office of Science and Technology Policy in 2009, working with Deputy CTO Beth Noveck to implement the Memorandum on Transparency and Open Government, and then with Health and Human Services to use open source software to accelerate standardized health information sharing. Brian also serves in a volunteer capacity on the boards of directors for the Electronic Frontier Foundation, the Mozilla Foundation, and the Filecoin Foundation.