Google says open source software should be more secure • The Register

In conjunction with a White House meeting on Thursday at which technology companies discussed the security of open source software, Google proposed three initiatives to strengthen national cybersecurity.

The meeting was arranged last month by US national security adviser Jake Sullivan, amid the scramble to fix the Log4j vulnerabilities that occupied far too many people over the holidays. Sullivan asked invited firms – a group that included Amazon, Apple, Google, IBM, Microsoft, and Oracle – to share ideas on how the security of open source projects might be improved.

Google chief legal officer Kent Walker in a blog post said that just as the government and industry have worked to shore up shoddy legacy systems and software, the Log4j repair process – still ongoing – has demonstrated that open source software needs the same attention as critical infrastructure.

“For too long, the software community has taken comfort in the assumption that open source software is generally secure due to its transparency and the assumption that ‘many eyes’ were watching to detect and resolve problems,” said Walker. “But in fact, while some projects do have many eyes on them, others have few or none at all.”

Pointing out Google’s various efforts to be part of the solution, he outlined several possible public-private partnerships that were mentioned at the meeting:

  • To identify a list of critical open source projects
  • To establish baseline standards for security, maintenance, provenance, and testing
  • To set up a maintenance marketplace, to match volunteers to needy projects

Laudable ideas all, if not particularly radical, unexpected, or novel.

Knowing which open source projects have the widest reach is certainly important to understanding where bugs would have the widest impact. Google software engineers have already been thinking about defining “criticality” in the context of software, so that work is underway. In fact, there’s software to generate a criticality score for other software.

As for baseline standards, the Open Source Security Foundation is already on the case, and we already have frameworks like the Google-devised Supply chain Levels for Software Artifacts. So that too is a work in progress.

Walker’s description of an organization to connect projects with volunteer helpers employed at companies sounds a lot like any of the several open source sustainability efforts, just without the specific monetary component of GitHub Sponsors or Patreon.

“Many leading companies and organizations don’t recognize how many parts of their critical infrastructure depend on open source,” said Walker. “That’s why it’s essential that we see more public and private investment in keeping that ecosystem healthy and secure.”

That’s what everyone keeps saying, though often without paying.

Power in a union

Mike Hanley, chief security officer at GitHub, also had something to say on the subject: “First, there must be a collective industry and community effort to secure the software supply chain,” he said in a blog post. “Second, we need to better support open source maintainers to make it easier for them to secure their projects.”

Katie Moussouris, founder of Luta Security, told The Register in a phone interview that Google, as part of what she described as the security one per cent, does a lot of good work on its own product security and on security related to the software ecosystem. But that work, she said, is purely voluntary.

“If the US government is concerned about securing open source, then it does need to get more serious in terms of providing support to the open source community that is not volunteer, charity work from the security one per cent like Google and Microsoft and other elite, large service providers that were invited to the White House today,” she explained.

Moussouris suggested we need to adopt a model that’s more like Universal Basic Income for the developer community, in part because it’s a challenge to identify which projects are critical and which are not.

“The open source community definitely needs some form of universal basic income, because there are projects that start out as hobbies by one individual, and predicting popularity becomes a very difficult thing,” she said.

These projects often exist without much attention until there’s a security vulnerability and people realize there’s only a single maintainer, she said. While the government should appreciate the contributions of large companies like Google and its peers, “it cannot rely on the volunteer charity, labor and donations of the security 1 per cent mega-corporations if it’s going to solve this problem,” she said.

Asked whether a software license that imposes financial support obligations on large users of open source projects might help, Moussouris wasn’t certain licensing was the ideal approach to make open source more sustainable and more secure. But she voiced support for shifting revenue from the haves to the have-nots as a general goal.

“If the idea is to drive more of those who are profiting from open source and more of those profit dollars towards those who are building open source – as in the maintainers, and those who are doing it for free, or for very little financial support – if the goal is to drive more of those open source-derived profits back into the hands of the maintainers, I’m all for it,” she said.

Moussouris added that getting money to open source maintainers can be complicated. It’s often not easy to identify who to pay or how to pay them. “You can’t just cut a check from the government to an individual person, and that’s true around the world,” she said.

Another issue not mentioned among Google’s proposals is the need for specific security skills in the bug fixing process. Moussouris pointed to the lack of root cause analysis with Log4j that allowed multiple variants to be developed that bypassed the initial fix. The Log4j developers, she said, didn’t understand the scope of the vulnerability that had been reported.

“That’s the problem that’s not gonna be solved by throwing more developers at [the problem] – these are different job roles,” she explained. “So that is a gap in what everyone is talking about here in terms of support.” ®

Congratulations, Privacy Just Took A Great Leap Out the Window!

Your Data Is Being Used Without Your Permission And Knowledge

The Voice Of EU | In the heart of technological innovation, the collision between intellectual property rights and the development of cutting-edge AI technologies has sparked a significant legal battle. The New York Times has taken legal action against OpenAI and Microsoft, filing a lawsuit in Manhattan federal court. This legal maneuver aims to address concerns surrounding the unauthorized use of the Times’ content for the training of AI models, alleging copyright infringements that could potentially result in billions of dollars in damages.

This legal tussle underlines the escalating tension between technological advancements and the protection of intellectual property. The crux of the lawsuit revolves around OpenAI and Microsoft allegedly utilizing the Times’ proprietary content to advance their own AI technology, directly competing with the publication’s services. The lawsuit suggests that this unauthorized utilization threatens the Times’ ability to offer its distinctive service and impacts its AI innovation, creating a competitive landscape that challenges the publication’s proprietary content.

Amidst the growing digital landscape, media organizations like the Times are confronting a myriad of challenges. The migration of readers to online platforms has significantly impacted traditional media, and the advent of artificial intelligence technology has added another layer of complexity. The legal dispute brings to the forefront the contentious practice of AI companies scraping copyrighted information from online sources, including articles from media organizations, to train their generative AI chatbots. This strategy has attracted substantial investments, rapidly transforming the AI landscape.

Exhibit presented by the New York Times’ legal team of ChatGPT replicating an article after being prompted

The lawsuit highlights instances where OpenAI’s technology, specifically GPT-4, replicated significant portions of Times articles, including in-depth investigative reports. These outputs, alleged by the Times to contain verbatim excerpts from their content, raise concerns about the ethical and legal boundaries of using copyrighted material for AI model training without proper authorization or compensation.

The legal action taken by the Times follows attempts to engage in discussions with Microsoft and OpenAI, aiming to address concerns about the use of its intellectual property. Despite these efforts, negotiations failed to reach a resolution that would ensure fair compensation for the use of the Times’ content while promoting responsible AI development that benefits society.

In the midst of this legal battle, the broader questions surrounding the responsible and ethical utilization of copyrighted material in advancing technological innovations come to the forefront.

The dispute between the Times, OpenAI, and Microsoft serves as a significant case study in navigating the intricate intersection of technological progress and safeguarding intellectual property rights in the digital age.


Conflicted History: ‘Oppenheimer’ And Its Impact On Los Alamos And New Mexico Downwinders

‘Oppenheimer’ And Its Impact On Los Alamos And New Mexico Downwinders

The Voice Of EU | In the highly anticipated blockbuster movie, “Oppenheimer,” the life of J. Robert Oppenheimer, the man behind the first atomic bomb, is portrayed as a riveting tale of triumph and tragedy.

As the film takes center stage, it also brings to light the often-overlooked impacts on a community living downwind from the top-secret Manhattan Project testing site in southern New Mexico.

A Forgotten Legacy

While the film industry and critics praise “Oppenheimer,” a sense of frustration prevails among the residents of New Mexico’s Tularosa Basin, who continue to grapple with the consequences of the Manhattan Project. Tina Cordova, a cancer survivor and founder of the Tularosa Basin Downwinders Consortium, expresses their feelings, stating, “They invaded our lives and our lands and then they left,” referring to the scientists and military personnel who conducted secret experiments over 200 miles away from their community.

The Consortium, alongside organizations like the Union of Concerned Scientists, has been striving to raise awareness about the impact of the Manhattan Project on New Mexico’s population. Advocates emphasize the necessity of acknowledging the human cost of the Trinity Test, the first atomic blast, and other nuclear weapons activities that have affected countless lives in the state.

The Ongoing Struggle for Recognition

As film enthusiasts celebrate the drama and brilliance of “Oppenheimer,” New Mexico downwinders feel overlooked by both the U.S. government and movie producers. The federal government’s compensation program for radiation exposure still does not include these affected individuals. The government’s selection of the remote and flat Trinity Test Site, without warning residents in the surrounding areas, further added to the controversy.

Living off the land, the rural population in the Tularosa Basin had no idea that the fine ash settling on their homes and fields was a result of the world’s first atomic explosion.

The government initially attempted to cover up the incident, attributing the bright light and rumble to an explosion at a munitions dump. It was only after the U.S. dropped atomic bombs on Japan weeks later that New Mexico residents realized the magnitude of what they had witnessed.

Tracing the Fallout

According to the Manhattan Project National Historical Park, large amounts of radiation were released into the atmosphere during the Trinity Test, with fallout descending over a vast area. Some of the fallout reached as far as the Atlantic Ocean, but the greatest concentration settled approximately 30 miles from the test site.

Now I Am Become Death, the Destroyer of Worlds.

J. Robert Oppenheimer

The consequences of this catastrophic event have affected generations of New Mexicans, who still await recognition and justice for the harm caused by nuclear weapons.

A Tale of Contrasts: Los Alamos and the Legacy of Oppenheimer

As the film’s spotlight shines on the life of J. Robert Oppenheimer, a contrasting narrative unfolds in Los Alamos, more than 200 miles north of the Tularosa Basin. Los Alamos stands as a symbol of Oppenheimer’s legacy, housing one of the nation’s premier national laboratories and boasting the highest percentage of people with doctorate degrees in the U.S.

Oppenheimer’s influence is evident throughout Los Alamos, with a street bearing his name and an IPA named in his honor at a local brewery. The city embraces its scientific legacy, showcasing his handwritten notes and ID card in a museum exhibit. Los Alamos National Laboratory employees played a significant role in the film, contributing as extras and engaging in enlightening discussions during breaks.

The “Oppenheimer” Movie

Director Christopher Nolan’s perspective on the Trinity Test and its profound impact is evident in his approach to “Oppenheimer.” He has described the event as an extraordinary moment in human history and expressed his desire to immerse the audience in the pivotal moment when the button was pushed. Nolan’s dedication to bringing historical accuracy and emotional depth to the screen is evident as he draws inspiration from Kai Bird and Martin J. Sherwin’s Pulitzer Prize-winning book, “American Prometheus: The Triumph and Tragedy of J. Robert Oppenheimer.”

For Nolan, Oppenheimer’s story is a potent blend of dreams and nightmares, capturing the complexity and consequences of the Manhattan Project. As the film reaches global audiences, it also offers a unique opportunity to raise awareness about the downwinders in New Mexico, whose lives were forever altered by the legacy of nuclear weapons testing.

The Oppenheimer Festival and Beyond

Los Alamos is determined to use the Oppenheimer Festival as an opportunity to educate visitors about the true stories behind the film’s events. The county’s “Project Oppenheimer” initiative, launched in early 2023, encompasses forums, documentaries, art installations, and exhibits that delve into the scientific contributions of the laboratory and the social implications of the Manhattan Project.

A special area during the festival will facilitate discussions about the movie, fostering a deeper understanding of the community’s history. The county aims to continue revisiting and discussing the legacy of the Manhattan Project, ensuring that the impact of this pivotal moment in history is never forgotten.

As “Oppenheimer” takes audiences on an emotional journey, it serves as a reminder that every historical event carries with it complex and multifaceted implications. The movie may celebrate the scientific achievements of the past, but it also illuminates the urgent need to recognize and address the human cost that persists to this day.


— By Team VoiceOfEU.com


GSK’s Mosquirix Is Revolutionizing The Fight Against Malaria

GSK’s Mosquirix And The Fight Against Malaria

Over the past three years, the global focus has primarily been on the Covid-19 pandemic, diverting attention and resources away from other infectious diseases that disproportionately affect vulnerable populations in the Global South. Among these diseases, malaria continues to be a pressing public health concern, claiming the lives of hundreds of thousands of people each year, especially children in Sub-Saharan Africa. While significant progress has been made in preventing and treating malaria, innovative solutions are needed to combat this deadly disease.

Advancements in Malaria Prevention:

Researchers have made remarkable progress in both prevention and treatment strategies for malaria. The World Health Organization’s recommendation of dual-ingredient insecticide-treated bed nets in March 2023 marks a significant milestone in preventing malaria transmission by Anopheles mosquitoes. These nets, including those with more lethal insecticide combinations and those disrupting mosquito growth, are key tools in malaria prevention efforts.

The Importance of Cost-Effective Antimalarial Medicines:

Cost-effective antimalarial medicines play a crucial role in combating malaria. In 2021, approximately 45 million children between the ages of three months and five years received seasonal malaria chemoprevention, which involved monthly doses of therapeutic drugs at a cost of less than $4 per person. While this approach has shown promising results, the development of a groundbreaking vaccine brings renewed hope.

GSK’s Mosquirix (RTS,S) Vaccine:

GSK’s Mosquirix, also known as RTS,S, is an innovative vaccine that has the potential to transform the fight against malaria. This vaccine offers hope in preventing the disease, particularly among children in malaria-endemic regions. Although the current cost is relatively high, around $40 per child for the first year, it presents an essential step forward in malaria prevention efforts.

The Persistent Threat of Malaria:

Despite substantial investments of $26 billion to combat malaria in Sub-Saharan Africa, the number of cases has seen a slight increase between 2000 and 2019, although the number of deaths has decreased. This highlights the need for new prevention measures tailored to vulnerable populations, especially children. Taking inspiration from the Covid-19 pandemic, where monoclonal antibodies have demonstrated their potential, similar approaches could be explored in the fight against malaria.

The Potential of Monoclonal Antibodies:

Monoclonal antibodies, laboratory-made copies of immune system proteins, have shown immense potential in combating various diseases, including cancer and autoimmune disorders. Their remarkable selectivity and ability to target specific molecular markers make them an attractive option for preventive interventions. Researchers at the United States National Institutes of Health, led by Robert Seder, have identified two antibodies that target CSP-1, a protein used by the malaria parasite to invade liver cells. Clinical trials are currently underway in Mali and Kenya to assess their safety and efficacy, focusing on seasonal and year-round malaria transmission settings.

Game-Changing Potential:

Monoclonal antibodies have the potential to be a game-changer in malaria prevention, advancing the long-sought goal of eradication. The latest generation of antimalarial antibodies offers extended protection, with a single dose potentially safeguarding a child for at least three months, if not longer. Clinical trials will determine the extent and duration of this protection and guide future improvements to achieve a once-a-year injection.

Making Monoclonal Antibodies Accessible:

While monoclonal antibodies are often associated with high costs, efforts to increase their potency could significantly reduce expenses. It is estimated that an injection as small as one milliliter of the antibody drug being trialed in Mali and Kenya could protect children at a cost of only $5-10 per person. To ensure accessibility, it is crucial to engage national regulatory agencies and involve affected countries in the production of these biologics. While manufacturing antibodies is a complex and regulated process, investing in the necessary technology now would greatly benefit developing economies burdened by endemic malaria.

Addressing Disparities and Raising Awareness:

Currently, demand for monoclonal antibodies primarily comes from high-income countries, with Africa accounting for only 1% of global sales. This disparity underscores the importance of working with national regulatory agencies to address public health concerns and involve affected countries in the production and distribution of these life-saving biologics. Collaboration among government, academia, and industry is crucial to coordinate advocacy efforts and raise awareness about the potential of monoclonal antibodies in malaria prevention.

Preparing for Success:

While the deployment of the first generation of antimalarial antibodies is expected to occur no earlier than 2027, it is essential to start preparing for their potential success now. These antibodies hold tremendous promise as a powerful weapon in the fight against malaria, alongside bed nets, medicines, and emerging vaccines. Clinical trials will provide vital information on the extent of their efficacy, duration of protection, and dosage requirements. It is imperative to remain proactive and ensure that the necessary infrastructure and policies are in place to facilitate the widespread adoption of these breakthrough treatments.

Combining Science & Research:

As the world continues to battle the ongoing Covid-19 pandemic, it is crucial not to overlook the persistent threat of malaria, especially in regions heavily impacted by poverty. While significant progress has been made in malaria prevention and treatment, the development of innovative solutions like GSK’s Mosquirix vaccine and the potential of monoclonal antibodies offer renewed hope in the fight against this deadly disease. By harnessing the lessons learned from Covid-19 research and engaging in collaborative efforts, we can work towards a future where malaria is no longer a major public health concern. Together, we can strive for the eradication of malaria and ensure a healthier future for vulnerable populations worldwide.


By Laura Richardson | Independent Contributor “The Voice Of EU”

— Compiled by Team VoiceOfEU.com
