A small number of computer systems in the federal government have been affected by a major software flaw that could allow hackers to gain unfettered access, a senior US official said Thursday.
Anne Neuberger, the deputy national security advisor for cyber and emerging technology, told Bloomberg Television that she expects the number of systems affected by the Log4j vulnerability “to grow”. She said the White House will meet with technology companies soon to tackle problems with open-source software.
Log4j is a piece of computer code that developers can put into applications to monitor, or “log”, anything from mundane operations to critical alerts. Those detailed logs can help programmers debug software, and Log4j is used by millions of applications.
Neuberger said Thursday the affected software is broadly used but is nonetheless “hard for us to know at the first moment where that code is”.
Log4j is open-source software that is maintained by a group of volunteer programmers as part of the nonprofit Apache Software Foundation, one of dozens of open-source projects that have become a crucial component of global commerce.
Neuberger described open-source software as “a witch’s brew” that is “built by volunteers, broadly used, and not managed”.
Apache developers received a message on Nov 24 from an employee on the cloud-security team at Alibaba Group Holding Ltd, reporting the security bug. The message described how a hacker could take advantage of the flaw and remotely take over a computer. – Bloomberg