Threat Management, Exposure management, Governance, Risk and Compliance, Government Regulations, Threat Intelligence, Third-party code, Threat Hunting

Defenses against open-source software threats sought by senator

Russian hack attack concept, on the computer keyboard. 3D rendering

U.S. National Cyber Director Sean Cairncross has been urged by Senate Intelligence Committee Chair Tom Cotton, R-Ark., to combat risks associated with the growing involvement of China and Russia in open-source software development, CyberScoop reports.

Illicit code has already infiltrated popular open source codebases through state-backed software developers and cyberespionage operations, as evidenced by a test version of XZ Utils being compromised with a backdoor by suspected nation-state hacker Jia Tan, said Cotton in a letter to Cairncross.

Risks are also apparent with the Defense Department's use of an OSS solely maintained by a Russia-based developer, as well as Chinese tech firms Huawei and Alibaba being major OSS contributors, according to Cotton, who also asked federal cyber officials to improve visibility into where open-source code comes from and to track contributions tied to developers in adversary nations. He noted that open-source software is used across government and defense systems.

The letter follows earlier congressional warnings and stalled legislation on the issue, along with Pentagon guidance issued in July to limit foreign influence in department technology.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds