The US military wants to verify the security of open source software

Computer scientists, even outside the world of free software, know that behind the Internet and information technologies lie free software, GNU/Linux and others (hence the abbreviation LAMP, for Linux, Apache, MySQL or MariaDB, and PHP, Perl or Python). This predominance of free software has now worried the US military, after alerting GAFAM, reports Technology Review, a journal of MIT.

“The cornerstone of almost all cloud computing”

MIT Review writes: “[Free and open source software is] the cornerstone of almost all cloud computing, almost all supercomputers, the Internet of Things, billions of smartphones, and more. But the core is also open source, meaning anyone can write, read, and use its code. This worries U.S. military cybersecurity experts. Its open source nature means that the Linux kernel, along with other important open source software, is vulnerable to malicious manipulation in ways we don’t understand.”

The review quotes Dave Aitel, a cybersecurity researcher and former computer security scientist at the NSA: “People are realizing now: Hey, wait a minute, everything we do is supported by Linux. This is a core technology for our company. Not understanding kernel security means critical infrastructure cannot be protected.”

DARPA (Defense Advanced Research Projects Agency), a US defense research and development agency, has launched Social Cyber. The presentation of this project dates from before 2020, and the chronology is a bit vague, since MIT presents it as a new program (or is it being relaunched after an extended hiatus?).

With an unspecified “multi-million dollar” budget, the project will “combine sociology with the latest technological advances in artificial intelligence to map, understand, and preserve these mass open source communities and the code they generate. The project differs from previous research because it integrates automated analysis of both the code and the social dimensions of open source software.” “The open-source ecosystem is one of the greatest creations in human history,” says DARPA’s program manager Sergey Bratus. “Critical systems everywhere. The systems that drive our industries, power grids, navigation, transportation.”

“To detect and counter any malicious campaign”

The project’s ultimate goal, MIT says, is to “identify and thwart any malicious campaign to submit flawed code, launch influence operations, sabotage development, or even take control of open source projects. To this end, researchers will use tools such as sentiment analysis to analyze social interactions within open source communities, such as the Linux kernel mailing list; this will help identify who is positive or constructive and who is negative and destructive.”

DARPA works with contractors, one of which, New York-based Margin Research, specifically studies who works on open source projects. Its founder Sophia d’Antoine notes that Huawei is currently the largest contributor to the Linux kernel, adding that “another contributor works for Russian cybersecurity company Positive Technologies, which, like Huawei, is recognized by the US government.” Margin also noted the participation of NSA employees in various open source projects.

Sophia d’Antoine’s comments on Twitter on the DARPA project:
