The US military wants to understand the most important software on Earth – MIT Technology Review

One such performer is New York-based Margin Research, which has put together a team of well-respected researchers for the task.

"There is a desperate need to treat open-source communities and projects with a higher level of care and respect," said Sophia d'Antoine, the firm's founder. "A lot of existing infrastructure is very fragile because it depends on open source, which we assume will always be there because it's always been there. This is walking back from the implicit trust we have in open-source code bases and software."

Margin Research is focused on the Linux kernel in part because it's so big and critical that succeeding here, at this scale, means you can make it anywhere else. The plan is to analyze both the code and the community in order to visualize and finally understand the whole ecosystem.

Margin's work maps out who is working on what specific parts of open-source projects. For example, Huawei is currently the biggest contributor to the Linux kernel. Another contributor works for Positive Technologies, a Russian cybersecurity firm that, like Huawei, has been sanctioned by the US government, says Aitel. Margin has also mapped code written by NSA employees, many of whom participate in different open-source projects.

"This subject kills me," says d'Antoine of the quest to better understand the open-source movement, "because, honestly, even the most simple things seem so novel to so many important people. The government is only just realizing that our critical infrastructure is running code that could be literally being written by sanctioned entities. Right now."

This kind of research also aims to find underinvestment, that is, critical software run entirely by one or two volunteers. It's more common than you might think, so common that one common way software projects currently measure risk is the "bus factor": Does this whole project fall apart if just one person gets hit by a bus?

While the Linux kernel's importance to the world's computer systems may be the most pressing issue for SocialCyber, it will tackle other open-source projects too. Certain performers will focus on projects like Python, an open-source programming language used in a huge number of artificial-intelligence and machine-learning projects.

The hope is that greater understanding will make it easier to prevent a future disaster, whether it's caused by malicious activity or not.

"Pretty much everywhere you look, you find open-source software," says Bratus. "Even when you look at proprietary software, a recent study showed it's actually 70% or more open source."

"This is a critical infrastructure problem," Aitel says. "We don't have a grip on it. We need to get a grip on it. The potential impact is that malicious hackers will always have access to Linux machines. That includes your phone. It's that simple."
