This week something remarkable happened. The US Senate held a non-partisan committee hearing called "Responding to and Learning from the Log4Shell Vulnerability".

It was led by Chairman Gary C. Peters of Michigan and Ranking Member Rob Portman of Ohio, and, get this, they actually knew what they were talking about. They understand the complexities of the open source supply chain and are looking for ways government policy can help the community with support and resources.

The four witnesses are industry veterans who, in my opinion, did a fantastic job in their statements and in answering questions from other senators on the Homeland Security & Governmental Affairs Committee. David Nalley (ASF President) and Jen Miller-Osborn (Unit 42, Palo Alto Networks) stood out in particular. Read their statements: David and Jen.

💬 Discussions

📰 Articles

Senators Relaunch Cybersecurity Bills Following log4j Concerns

The new package bill was introduced amid calls for increased government support of open-source software development.

Log4j hearing: 'Open source is not the problem'

Cisco, Palo Alto, Apache execs look at Log4j vulnerability responses, and the likelihood of future issues.

Security Experts Discuss Log4j Mitigation Before US Senate

In a U.S. Senate hearing on Tuesday, the Apache Software Foundation and leaders from Cisco, Palo Alto Networks and The Atlantic Council discussed open source

Apache tells Senate committee the Log4j vulnerability could take years to resolve

Every stakeholder in the software industry, especially the federal government and major customers, should be investing in supply chain security, Nalley said.

🎙 Podcasts

Sarah Gran and Josh Aas: Sustainable Digital Infrastructure with Memory Safe Code

Sarah Gran and Josh Aas of ISRG go in-depth about their work on Prossimo to bring memory safe code to critical digital infrastructure and some other projects they are investing in this year.

📽 Videos

"Log4Shell has rightfully highlighted the urgent need for ongoing conversations about open source software security" - Jen Miller-Osborn

Disclaimer: All links that I (Justin) post in any newsletter issue are ones I find interesting and/or thought-provoking. I don't agree with everyone, but I do value their perspectives.

[Special Report] The Non-Code Contributor - Issue #25