Date: 2024-05-30

Can Public-Private Partnerships Improve Open-Source Security?

Better collaboration between public and private sectors to advance open-source security is a major unresolved technology concern, especially as open-source software gains global dominance alongside artificial intelligence technology.

Organizations like The Linux Foundation and Open Source Initiative have made significant efforts to advance the open-source cause. However, more cross-industry partnerships and governmental oversight are needed.

The lack of traction in the U.S. needs to be more aggressively addressed, and more needs to be done to advocate for open-source security assurance, urged Ann Schlemmer, CEO of open-source database management company Percona.

Two years ago, the joint government-private sector response to the Log4j vulnerability that spawned 800,000 attacks worldwide led to the Enduring Security Framework for federal agencies adopting open-source software (OSS). During that time of crisis, the potential and benefits of public-private partnerships were on full display.

Since then, little progress has been made, Schlemmer noted. The U.S. government has not issued policies or enacted legislation to mandate the behaviors of commercial enterprises in their use of open-source software.

“With the rising prevalence of open-source models powering artificial intelligence, the ramifications of a significant vulnerability being exploited today can have dire consequences,” Schlemmer told LinuxInsider.

Will Public-Private Partnerships Offer Solutions?

An ongoing need exists for organizations to focus on practical policies promoting efficient business and stimulating innovation. That need must be addressed to keep our world safe from the chaos and harm that exploitation of OSS vulnerabilities can wreak, according to Schlemmer.

Government action to foster more open-source collaboration is a big part of any software security solution, and so far it has been absent. In 2022, the U.S. Congress received a bill addressing the need for greater government action to foster and secure open-source software. No action has been taken on it, she complained.

“Open source is not as secure as it needs to be,” warned Schlemmer.

By comparison, the U.K. Parliament is strides ahead of stalled efforts by U.S. government officials to foster better oversight regarding securing open source and artificial intelligence, observed Schlemmer.

She thinks the U.K.’s more proactive steps have created some potential blueprints on how governments can encourage cooperation. Establishing policies to foster working partnerships aligns with the collaborative nature of the open-source community.

“I would also like to believe that the nature of governments is to be collaborative, to listen to their constituents, and to do what is best. Obviously, security is paramount for all of us using technology. So, how do we have those conversations?” she asked.

Looking for Help Before Worse Things Happen

Despite her strong views on fighting for better open-source safety standards, Schlemmer is not positioning Percona to be a cheerleader for partnership action. Instead, she would like to see companies benefiting from open source become more involved in safety collaborations.

“We are not leading the charge. I am not leading the charge,” she insisted.

Schlemmer does, however, pay attention within her company to steering the right people toward involvement with different organizations engaged in that explicit mission. That supports the company’s mission of helping its users and customers be more successful with open source, she argues.

“We believe in using open source to accelerate innovation for everyone everywhere, specifically in the open-source database space. So, I can tie this into our mission, but that’s not my goal,” Schlemmer clarified.

She wants to see a universal sense within business and industry for the need to collaborate through partnerships to proactively innovate safely. The alternative is waiting for a significant breach fiasco that stimulates a reactive response of rushed government mandates that impose limitations on innovation and open-source developers.

Schlemmer explained that it is about connecting the dots and linking them to topics that garner attention in conversations about big tech, big tech companies, and constituent interests.

“How do we weave it into some of those conversations because the large tech companies are a mix of doing closed source and open sources? All of them have open-source software,” she added.

Two-Fold Goal for Collaboration Expansion

Clearly, there is a need to educate workers and company leaders about open-source standards. Schlemmer wants the industry to ensure safety guidelines exist for both closed and open-source code.

“Closed and open source considered equally should be a paramount goal so that we have mechanisms to move more quickly,” she added.

Funding must be considered. Schlemmer ponders what the financial support picture looks like. The tension between private industry and public communities always exists, so that is a larger conversation to have.

“It starts with education, setting standards, and making sure that there is a more level playing field for everybody in tech,” said Schlemmer.

With AI and other innovative advancements in open source, organizations are again caught up in “the speed of technology” development cycles.

“How do we make sure that we are all eyes wide open?” Schlemmer asked about safeguarding the new technology directions software developers face.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
