Walden, Harper Seek Linux Input on Open-Source Software Cybersecurity Challenges
House Commerce Committee Chairman Greg Walden, R-Ore., and Oversight Subcommittee Chairman Gregg Harper, R-Miss., asked the Linux Foundation Monday for more information by April 16 on the cybersecurity “challenges and opportunities” the open-source software ecosystem “faces, and potential steps that OSS stakeholders may take to further support it.” OSS “is such a foundational part of the modern connected world that it has become critical cyber infrastructure,” the lawmakers said in a letter to Linux Executive Director Jim Zemlin. “The OSS ecosystem is more sustainable and more stable due to [recent] efforts, which directly increases the sustainability and stability of the cybersecurity of organizations that rely on OSS, as well. More work remains to be done, however. OSS adoption will continue to grow, making the sustainability and stability of the OSS ecosystem even more vital.” The House Commerce leaders cited the Heartbleed vulnerability in OpenSSL cryptographic software, disclosed in 2014, which exposed user passwords (see 1404110031 and 1404110072). Heartbleed’s widespread impact “forced individuals and organizations outside of the information technology community to recognize what members within the community had long-known: software is no longer written, but assembled,” the lawmakers said. They asked Linux “how sustainable and stable” the OSS ecosystem is and whether its Core Infrastructure Initiative has performed a “comprehensive study of which pieces of OSS are most critical” to the global information infrastructure. Linux didn’t comment.