Last week, I attended the White House Open Source Software Security Summit, along with VMware’s Chief Security Officer, Alex Tosheff, and Michael Kennedy, our VP of Global Government Relations and Public Policy. Led by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, the summit was attended by both private industry leaders and government agencies review film.

This important gathering was precipitated by the Log4j vulnerability, but the real issue is — how can we ensure source code, build, and distribution integrity in all open source software (OSS)?

Building open source software and contributing to its many communities is a big part of VMware’s engineering and innovation spirit, and we believe the way forward hinges on continued collaboration. As such, we brought some practical recommendations to the table for accelerating both industry and public/private partnerships, as detailed in the following letter we submitted in advance of the summit.