Archive for March, 2022

Myntras social commerce business is one of the critical success metrics: Achint Setia – Exchange4Media

Big brands usually opt for the usual influencer marketing strategy of putting their money on macro and celebrity influencers. However, Myntra has launched its own Style Squad comprising creators from the grassroots. With an aim to strengthen its influencer marketing and social commerce footing, the squad comprises creators that are performing well on the Myntra app, which shows their potential to drive engagement and conversions. Achint Setia, Head of Marketing and Social Commerce at Myntra, talks about the intent and insight behind the property, content-to-commerce strategy, evolving proposition and much more.

Edited Excerpts

What was the insight and inspiration behind the launch of Myntra Style Squad? What are the objectives that you aim to achieve with this property?

Myntra Style Squad is our endeavour to strengthen our creative economy investments. This is central to our social commerce business which is led through influencers and an engagement-to-commerce business model. Over the last couple of years, we have worked with thousands of influencers for a variety of contexts. We have identified a set of people who have performed very well on the platform, who were able to build deeply engaged communities and drive commerce outcomes with Myntra customers. We want to invest further in this set by giving them the right support in terms of resources, deeper insights into trends and customer behaviours as well as training programs to become better at their craft. The Style Squad will in a way be the ambassadors of Myntra's social commerce play, conversations on social media and will represent the platform in its entirety. We have a mix of creators from different geographies, age groups and other demographics and their expertise is also varied, from folks who are deep into a bunch of categories. We understand beauty and personal care very well as we operate in these categories on the platform and this is our endeavour to strengthen our footing in that area.

What model will the Style Squad follow in order to drive conversions for Myntra? What were the challenges in executing this idea end-to-end?

The model is a combination of on-demand content and Live commerce content. In the on-demand case, the influencers ideate a set of formats and topics around which they want to build content. There is a monthly calendar on which we align these topics basis what is trending and where the consumers' intent lies. They then create their own curations basis their own fashion and beauty prowess. Live commerce is a more immersive content experience. It's a 45-minute to 1-hour-long show per live event. The influencers go through the depths of a set of curations, trying to explain to users all the aspects of a particular product or brand. Because it is a live interaction, consumers can ask questions around the fitment of that particular product for their own behaviour and needs, and then shopping can happen.

Both are very different models and have their unique set of challenges. Live is more challenging than on-demand because it requires investment on the influencer's part to be able to engage and hold the audience's attention for long and to be able to answer audience questions with expertise. To overcome that challenge, we invest a lot in training these influencers.

How does social commerce or content-to-commerce fit the larger brand and marketing strategy for Myntra? Can you give us a sense of the scale of social commerce for you?

From a marketing perspective, social commerce provides this influencer ecosystem that represents the brand's voice on external platforms as well as on Myntra. It's an extension in terms of tonality, industry, talking to customers. Myntra has always stood for empowering people, diversity and inclusion as a fashion brand. We pride ourselves in coming across as enablers versus somebody who positions as someone more powerful than the consumer. Today, influencers come across as friends, peers and folks who are relatable and hence it's an extension from that standpoint of brand principles. From a platform standpoint, it is very critical in terms of driving new shopping experiences for our customers, giving them new reasons to come back to the platform, driving stickiness, and over a period of time, upgrading them and increasing their share of wallet.

Close to 20% of our monthly active users engage with social commerce. The majority are our regular customers on the platform who understand fashion very well. Social commerce happens to talk to a lot of our premium customers. It's a fairly large base and this number is growing very fast. We aspire to take this number to close to 50% of our user base in the next couple of years.

For a consumer coming to your platform, what does Style Squad offer differently that Fashion Superstar or Myntra Studio haven't already?

Style Squad isn't at the same level as other properties. It is our endeavour to go deeper with a certain set of creators who do well on the platform and help them do better. What changes for the consumers is, one, while there'll be many other influencers on the platform, the share of voice that the Style Squad generates will go up. Secondly, over a period of time, with the training and the investment behind the Style Squad, the quality of content and the knowledge they impart on fashion and beauty will dial up and consumers will benefit from that. Thirdly, they will have more opportunities to talk one-on-one with these Style Squad members, which would be very gratifying to consumers and build trust and affinity towards this pool.

While most D2C commerce channels are pivoting to be content-commerce, how has Myntra's proposition evolved over time?

Myntra has always been ahead of the curve in terms of using content smartly. Fashion offers us that opportunity and Myntra took a headstart. As a platform, we have understood how to leverage content to drive conversations on trends, new brands, adoption of new styles and looks and how to use them on different occasions and settings. It is in the deeper understanding of building the right fashion content with the right set of influencers that we have evolved significantly through all our experiments over the years. Myntra's consumers are slightly more fashion-forward than the average consumer in the country, looking for a more nuanced experience in fashion and beauty, and we have tried to crack our own model of what works better for this consumer.

The content economy has boomed manifold over the last few years but lacks standardization. What are the synergies here for brands as well as creators in terms of monetization?

By bringing the influencers on board and offering their services to our brands in a platformed manner, brands don't need to worry about which influencers to work with, as we've already built that army. We have also built the right experience for the brands, they just have to come up with the objective and how they want to engage with the consumer and then cherry-pick from the wide pool that we have created for them.

This also creates a lot of monetization opportunities for the influencers because Myntra has already established credibility for them. Influencers can now earn a more regular income through the Myntra Style Squad. Myntra's social commerce business is one of our critical success metrics and we will only be successful when we pick up these influencers from the grassroots. These people have grown with us and as they become bigger and start earning reasonable money, they can make influencing a full-time profession. This will encourage a lot more people in the country to pick up this as a profession as it becomes more organized.

Going ahead, what new can we expect from Myntra both in the content and business expansion front?

This is a core part of our experience proposition to our consumers. We continue to bring cutting edge tech-enabled content and shopping experiences. Consumers will see the evolution of both Live and Myntra studio in terms of the product investments we've put into immersive experiences. There will be new experiences being brought in, in terms of getting creators on board and ensuring seamless participation of brands. Myntra will bring new content formats this year, given the power of the technology. We have a new format coming alive on the live streaming space as we are experimenting a lot with formats that are typically done well in the offline ecosystem.



Deepika Padukone is the face of fashion retail brand navyasa – Exchange4Media

navyasa by Liva, a contemporary saree brand from the Aditya Birla Group, has been launched today. Deepika Padukone will be the face of this much-awaited creative fashion retail brand. The first four stores launched today are in India's top cities: Delhi, Mumbai and Bangalore, and will open doors to a world of artful and fashionable sarees.

navyasa stores are now operational at Ambience Mall Vasant Kunj, DLF Saket in Delhi, Orion Mall in Bangalore and Inorbit Mall in Mumbai. Ranging from Rs. 5000-15,000, navyasa by Liva currently offers 17 collections in 5 different varieties of nature-based Liva fabrics. There is a saree for each sensibility including printed, embroidered, embellished and woven styles.

Explaining the thought behind the launch of this brand, Rajnikant Sabnavis, Chief Marketing Officer, Grasim Industries (Pulp and Fibre), said, "Aimed at perceiving sarees as the new cool and making it the preferred attire for the modern Indian women, brand navyasa by Liva is coined from navya which means new, and rasa, which is the art of everything we do. With a national brand like ABG and Liva venturing into sarees, I am hoping to see a much larger shift in the perception and adaptability to sarees especially among the younger generation and urban women. The brand is an ode to true contemporary, cosmopolitan Indian women who believe that style is a combination of fashion and comfort."

navyasa by Liva sarees are fluid, flowy and are made with nature-based fabric Liva. They will allow women to move around with spirited optimism and #freetobe in their element as well as explore life comfortably whether at work, party, lunch or a cafe.

The collection features ethereal prints and chic styles. Each saree tells a colour-rich story with a modern twist. The unique bold designs and diverse themes are designed to allow style to converge with fashion. Renowned designers Abir and Nanki, along with the internal design team at Liva have been instrumental in bringing the collection alive.

Talking about the first collection of the brand, Designer Nanki said, "We have taken it upon ourselves to break the social stigma of sarees perceived as dated attire for older women or occasional wear. To alter the misconception of physical barriers associated with it, we have designed free-form drapes that are subtle yet make a statement encouraging women to push boundaries, blur the edges, and reach a limitless sky. With finesse as its essence, navyasa by Liva is designed to empower women with freedom of expression; enabling adventure, boldness and their vibrant personality with versatile prints."

Designer Abir added, "It's easy to get bogged down by the pre-conceived notion of the effort it takes to wear a saree. However, draping those nine yards of elegance can be magical if we allow it to be. Today's woman wants the saree to feel good, look good and be so comfortable that it feels like second skin. navyasa by Liva does that for the wearer. The nature-based fabrics are extremely breathable. With this launch, I foresee a revolution in Indian fashion as young women will find it very easy to express their sense of fashion through this under-rated beautiful attire called saree. The wide range of bold and vivacious prints will inspire many women to adopt sarees in their wardrobe."



Women have demonstrated skills in every sphere with empathy & emotional intelligence – Exchange4Media

With International Women's Day being just around the corner, exchange4media PR & Corp Comm is running a 'Women Achievers Series'. It will feature the journey, success and achievements of some of the top women leaders from the Public Relations and Corporate Communications fraternity.

Today's series features Roma Balwani, Senior Advisor, Vedanta. A veteran in the field of communications, she is also Independent Director, John Cockerill India.

Excerpts:

Now that the industry is opening up workplaces and resuming operations from the office, what are the initiatives, measures and precautions that should be adapted to ensure a smooth transition?

Across the manufacturing and essential services industry, organisations that run large plants/ assets had little choice but to be agile to adapt and work towards ensuring the safety and wellbeing of their employees and local communities. The strategy to quickly bring in 20 per cent manpower to optimise production in the early days of the pandemic and then increase the manpower was very crucial in the past 20 months so that there is a seamless transition with multiple measures to ensure safety at all costs.

All the social investments to stabilise productivity at Vedanta, be it CSR measures, technology and remote digital technology - all played a vital role to continue the mining operations safely. The resilience that employees demonstrated was stellar. Their adaptability and enabling a smooth transition to hybrid workplace norms were indeed admirable. The HR teams played a pivotal role and plant heads compassionately engaged on-ground with employees, families and communities. This has held us in good stead to increase manpower to run the plants efficiently. Communication played a key role in ensuring reassuring messaging. The wholehearted support by the top management in introducing key HR initiatives for Covid-affected employees and families was the need of the hour. These are now hygiene factors in the workplace and attendance in the corporate offices has increased considerably to help smoothen the interface with our corporate teams and people in the plants during the covid waves that the world is facing.

The last 20 months have been trying for every professional, especially with the hybrid working model. How did you strike a balance between office work and household duties?

I distinctly remember the mindset change everybody, including me, had to face. However, with the empowerment, we were able to tide over the ever-changing scenario with HR practices, which came with a forward-looking mindset to offer employees flexibility. Yes, the surround sound when you work from home has to be managed efficiently. Stress levels increased and you had to strive hard to create a routine that is now optimised, working well and now a way of life.

Women have been carving a niche for themselves and paving the way in the communications industry for the next generation of women leaders to follow. Tell us about your achievements and your contribution to the fraternity.

To go back in time, communications had not evolved as a strategic function nor was it so vital to protect the reputation of the company. The focus was on advertising and marketing, word of mouth and customer experience, which took centre stage. But many a time, despite the best of campaigns there was no enhancement of the corporate brand or the share value of the company. Now it takes centre stage when you see how important transparent communication is as a key obligation to shareholders, the public and employees, and many indirect stakeholders. Companies now realise this is a leadership and strategic function for responsible business. The need of the hour is walking the talk and communicating consistently and proactively, especially now with scientific data, measurement tools and investments made to manage reputational risks. This has been a journey to create the right kind of strategy that has underscored the importance of communications at each step as a communications professional. I sometimes forget that I may have unconsciously faced any gender bias. Women are equally competent, if not more, and have demonstrated their skills in every sphere with empathy and emotional intelligence.

What are the roadblocks that you have had to overcome to reach where you are today? What, according to you, are the makings of a leader?

It is your own limitation. Once you unfetter yourself, build your self-worth and make your distinct place in the system, you can aspire to reach the top position. Then the world will be your oyster.

What is your advice for the young generation?

My simple philosophy has been to take on any responsibility, ask for help when faced with adversity, be a strong advocate for your conviction and have confidence in your ability to perform. It is also about ensuring collective success. Learn, unlearn and relearn. When you stop that, you stop growing. Our tribe now has a strong voice, which can impact not only businesses but create perceptions for nations as well. It is a huge responsibility reposed on young leaders who are getting set to make a mark in the PR industry. They are agile, well-groomed and well informed to take on the task and excel! I am amazed by the conviction of their ideals, smart mindset and can-do spirit!



The best new free music-making software: unmissable freeware synths, drum machines and effects for March 2022 – MusicRadar

Free plugins abound on the internet these days, but music-makers are busy people. Many of you don't have the time to keep a watchful eye on the headlines for every complimentary compressor and gratuitous granular synth that's been tossed on the ever-expanding pile of free music software available to the financially savvy producer.

Good news: that's what we're here for. In addition to spotlighting the good stuff in our daily news coverage, we're finishing off each month with a carefully curated round-up of all the free music-making software that's been released over the past 30 days, ensuring you stay up to date with the music production world's most essential freebies.

This March, we've got veritable goldmines from Audio Damage and Toneboosters, AI-powered sample management tools from Waves, another unmissable offering from Spitfire LABS and a screamingly good emulation of the Ibanez Tube Screamer. Dig in.

Platforms: Mac/PC | Formats: VST/AU

Audio Damage surprised music-makers this month by making not just one or two, but 33 of its products available for free download. Weary of providing ongoing support for older software that may not work on newer systems, the manufacturer decided to chuck the whole lot online for free. The upshot is that you now have access to 33 previously paid-for plugins for free, though there may be a bit of trial and error involved to find the ones that will work on your system.

There are some real zingers to choose from, including the Phosphor and Basic synths, the Mangleverb reverb, the Bitcom bitcrusher, the Filterstation filter, the PanStation auto-panner, the Discord 3 pitchshifter, the Automaton buffer effect, the Kombinat multiband distortion and the Axon neural network drum machine.

Platforms: Mac/PC | Formats: VST/AU

Audio Damage appear to have started a trend: following their announcement, Toneboosters also decided to make 23 of their 'retired' plugins available to producers for free. These legacy effects will come without any support or warranty, but that's no reason not to give them a try. They hail from Toneboosters' TrackEssentials and BusTools series, and cover everything from dynamics processors to EQs, tape sims, de-essers, reverbs and pitch-shifters.

Platforms: Mac/PC | Formats: Standalone

Waves made waves in the music production world this month with the announcement of a free sample management tool, Cosmos, that comes bundled with 2,500 free royalty-free one-shots and loops.

Cosmos is designed to bring order to your sample collection, putting all the loops and one-shots on your hard drive into one easy-to-search place. Waves says that its Neural Networks technology can analyse, auto-tag and sort your samples, leaving you with a single unified database where you can easily find everything you have. The tool runs as a standalone app, or can be integrated with Waves' CR8 creative sampler plugin.

Platforms: Mac/PC | Formats: VST/AU/AAX

We're big fans of all of Spitfire Audio's free LABS instruments, but the new Glass Piano plugin - a collaboration with composer Philip Glass - looks particularly appealing. Powered by samples that were captured at Glass's home in Manhattan, NYC, and released to mark his 85th birthday, this gives you the sound of his baby grand piano, which has been in the same room since the 1990s.

Glass Piano comes with six presets that cover everything from standard grand piano tones to more atmospheric and warped sounds. The fittingly minimalist interface and control set means that both beginners and more experienced players will be able to get started quickly and easily.

Platforms: Mac/PC | Formats: VST/AU/AAX

In what's certainly the month's strangest free plugin news, car manufacturer Kia announced that they're switching gears, changing lanes and taking a sharp left turn into the world of music-making software.

Launched as part of a marketing campaign and created in collaboration with DaHouse Audio, Kia's free software instrument move.ment is based on the sounds of nature. Its development was driven by science, we're assured: "The sounds of movement in nature produce what's known as pink noise," says Kia. "This increases the alpha waves in the brain, inducing the flow state of consciousness, the state in which the brain is at its most creative."

Beyond the marketing flim-flam, move.ment isn't quite the car crash you might expect. After selecting your nature sound source, you can shape it in the Mixer section, which comes with individual controls for the Sampler, VCO, Noise and Reverb effect. There's also a filter, an ADSR envelope and an Output section.

Platforms: Mac/PC | Formats: VST/AU/AAX

This one's for the guitarists amongst you - in a delightful mashup of cutting-edge tech and classic gear, GuitarML have used machine learning techniques to recreate the sound of the legendary Ibanez Tube Screamer overdrive pedal in a free plugin. Using sophisticated neural networks, the developer has created a faithful emulation of the Screamer that should reproduce the full spectrum of sonic possibilities presented by all combinations of the Tone, Drive and Level knobs.

Platforms: Mac/PC | Formats: Browser-based

Though it's not technically music 'software', Tahti.studio is a free music-making tool that's so powerful we couldn't bear to exclude it from this list. Released in December last year, the browser-based groovebox received an update this month, with the most exciting addition being an open source library of free-licensed drum samples that features, among others, 808, 909, and household percussion kits from Bedroom Producers Blog.

Inspired by Elektron's hardware grooveboxes, Tahti.studio offers some pretty advanced sample-based sound generation and sequencing possibilities. You have eight tracks to work with, and plenty of flexibility. For example, each track has its own multimode filter, distortion, frequency shifter, sample-rate reducer, and amp envelope. Almost all parameters can be modulated on a per-step basis, and there are three freely assignable modulation sources per track.

Each step can have its own micro-timing, retriggering, probability, and trigger conditions, while tracks can have individual lengths and sequencer speeds. There are four send effects (chorus, phaser, reverb, delay) and a master compressor and soft clipper. Collaboration is possible, too, thanks to the option to export and share patterns in their proprietary file format. You can also render patterns to WAV files so that you can continue to work on them in your DAW.


How to prioritize the improvement of open-source software security – Brookings Institution

Earlier this year, major technology companies, non-profits, and government agencies convened for an urgent meeting at the White House to discuss how best to address the security concerns posed by free and open-source software (FOSS), software that is developed by a distributed community rather than a centralized company. For years, tech companies and security experts have made the case for greater investments in the security of the FOSS ecosystem, as it has become an increasingly important part of critical digital infrastructure. The importance of doing so was highlighted by the recent Log4Shell vulnerability in the log4j FOSS package. Deployed across a vast range of digital applications, log4j exposed a huge amount of software to a devastating security vulnerability and illustrated the urgent need to improve security in open-source software.

FOSS is decentralized and free to use, so when security vulnerabilities are found it is difficult to determine the exact extent of the threat. Perhaps the most vexing part of the problem is that it is difficult to know which FOSS packages are most widely used (and therefore most concerning if a vulnerability is found in a given package). This lack of knowledge about which FOSS packages are deployed, and where, leaves defenders in the dark and makes hard decisions about where to deploy resources even more difficult.

To address this problem, our team at the Laboratory for Innovation Science at Harvard (LISH) has partnered with the Linux Foundation and the Open Source Security Foundation (OpenSSF) to determine which FOSS packages are most widely deployed. Our findings, documented in a report released today, provide a detailed look at which FOSS packages are deployed in production applications and offer a number of lessons for policymakers and developers about how to improve the security of a critical building block of the digital economy.

First released in 1999, log4j is a FOSS component that carries out logging tasks for other pieces of software built on top of it. For example, if a developer of a piece of software needs to log all activity in an application for auditing or debugging purposes, she can utilize the log4j component so she does not have to build such logging functionality from scratch. log4j is extremely popular and is used in production software at companies including Apple, Google, Amazon, Twitter, and Tesla.

As early as 2013, a bug was introduced in the log4j code that treated logged text as code and executed it on the underlying system. Thus, an attacker would simply need to perform an action that would be logged (e.g., changing their username, writing a message in a chat, etc.) using a specific line of code, which would then be executed by the system, including reaching out to a server on the internet and downloading and running a piece of malicious code hosted there. Discovered in November 2021 by a member of Alibaba's security team, the vulnerability was named Log4Shell.

The widespread use of log4j (potentially tens of millions of devices), combined with the ease of exploitation (a simple line of code), created a worst-case scenario. To that end, Jen Easterly, the director of the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), called Log4Shell "the most serious vulnerability I've seen in my decades-long career." Within days of the release of the patch (long before most organizations could install it), there were over 800,000 attacks in a 72-hour period. Chinese and Iranian government-sponsored actors were observed taking advantage of the vulnerability.

The Log4Shell vulnerability is an important example of a much larger issue. FOSS has become a critical building block of the modern economy. However, its distributed and decentralized nature leaves it susceptible to significant bugs that can go unnoticed by developers for years. Further, and even more concerning, is that when such a vulnerability is found, because FOSS is built into nearly every software system, but is not well tracked, it may be difficult to identify all vulnerable instances of the software that are in production.

Prioritizing efforts to address the issue

To determine which FOSS packages are the most widely used (and therefore, the most concerning if a vulnerability is found in them) our team at LISH teamed up with the Linux Foundation and the OpenSSF. We worked with software composition analysis (SCA) companies to aggregate data on the most widely used FOSS packages. SCAs are hired by their customers to scan their codebases to help ensure they are not violating any software licenses. Therefore, by working with just a handful of SCAs, we were able to get insights into FOSS built into products sold by thousands of companies. While this method allowed us to get deep insights into the FOSS companies build into their software, this is only one layer of the technology stack, albeit an important one. In future studies we will consider other layers in the stack.

By identifying the most widely used FOSS packages, we hope to improve efforts to enhance the security of FOSS packages by looking for vulnerabilities in the most popular FOSS packages first. (Our final report can be found here.)

To ensure the privacy of the data shared by the SCAs, and to account for different size customer bases across the SCAs, we utilized statistical z-scores to aggregate the data and organize it such that we could rank-order the FOSS packages observed. Since the FOSS packages that developers build into their software frequently rely on other FOSS packages themselves, we considered both the direct observations of FOSS packages developers built upon, as well as the indirect FOSS packages those packages iteratively rely upon. Additionally, due to the differences in norms in computer programming languages related to the number of functions in a given package (and therefore how many packages a piece of software relies upon), we considered the npm repository (which hosts JavaScript packages) separately from all other repositories and languages. Not doing this would have caused JavaScript packages to incorrectly dominate the list. Finally, we considered FOSS packages in both a versioned and version-agnostic manner such that different levels of granularity could be observed.

In aggregate, we analyzed nearly 600,000 data points from the SCAs, and compiled lists documenting the 500 most used FOSS packages, one for each combination of direct/indirect, npm/non-npm, and versioned/version-agnostic packages. Although this more granular approach makes it harder to precisely say which FOSS packages are the most widely used, it provides more insight into the intricacies of the ecosystem. For example, log4j showed up as number 38 on our list of direct, non-npm, version-agnostic packages, but as number 126 on our list of indirect, non-npm, version-agnostic packages. Moreover, FOSS packages whose primary purpose is to pass data to a logger, potentially including log4j (e.g., slf4j-api and log4j-api), showed up even higher on our lists (slf4j-api was number 1 on our list of direct, non-npm, version-agnostic packages). However, without deeper insights into how such packages were being used, it was not possible to know if they were relying on a vulnerable version of log4j.

The complexities of log4j became even more intricate when considering version numbers. By a nearly 3 to 1 margin, version 1.x of log4j was much more widely used than version 2.x. However, the Log4Shell vulnerability did not impact version 1.x, and therefore the bulk of log4j users in our dataset were not actually susceptible to the Log4Shell issue (although there are numerous vulnerabilities in the 1.x versions that remain unfixed since it has not been updated since 2015). In aggregate, despite the complexities of our results, they allow for an intricate understanding of the Log4Shell problem, and our hope is that they will also shine light on similar intricacies to help prevent such widespread vulnerabilities in the future.

Our report also identifies a number of high-level issues that need to be addressed if the FOSS ecosystem is to be properly secured:

The scale and scope of the vulnerabilities affecting FOSS packages have been known within the tech community for years. However, it is only recently that federal policy has reflected the importance of this issue to the economy and national security. A May 2021 executive order, for example, directed the U.S. National Institute of Standards and Technology (NIST) to provide guidance for companies on providing a software bill of materials (SBOM) to their customers. An accurate SBOM would give companies deeper insights into the software that is baked into their software, so they would know immediately if they are vulnerable to issues like Log4Shell. Other measures have been considered but failed to be made into law. Funding a FOSS security center within the Department of Homeland Security, for example, was included in the House version of the 2022 National Defense Authorization Act but didn't make it into the final bill.

In response to the Log4Shell vulnerability, the White House National Security Council held a meeting in January with firms like Google and Microsoft, open-source organizations including the Linux Foundation, the Apache Software Foundation, and OpenSSF, and numerous federal agencies and departments. The meeting focused on preventing, finding, and shortening response time to FOSS vulnerabilities and discussed various potential public-private partnerships. Although there were no concrete pledges from the meeting, the intent was to start a discussion, identify possible paths forward, and commit to future meetings that would yield specific commitments by the various stakeholders.

The Log4Shell issue has also garnered the attention of the U.S. Federal Trade Commission (FTC), which has threatened to fine companies that fail to patch the issue and lose customer data as a result. While the FTC's move may encourage many companies to address the security issue, the fact that the FTC is playing a leading role in the response illustrates that the government lacks broad tools to address major cybersecurity vulnerabilities like Log4Shell.

Log4Shell was by no means the first major vulnerability in FOSS, but hopefully it represents a turning point that will inspire the federal government to take action to address this complex problem. Numerous private entities have already joined the effort by sponsoring FOSS projects and security improvement endeavors, including Google's Secure Open Source Rewards, the Plaintext Group/Schmidt Futures FOSS Virtual Incubator, and the efforts of the OpenSSF such as its recently announced Alpha-Omega Project (sponsored by Microsoft and Google). Such efforts are important, but public support for research and legislation leading to more secure FOSS is critical and cannot come soon enough.

Frank Nagle is an assistant professor of business administration at Harvard Business School. His research is supported in part by the Linux Foundation.

Amazon, Google, and Microsoft provide financial support to the Brookings Institution, a nonprofit organization devoted to rigorous, independent, in-depth public policy research.

More here:
How to prioritize the improvement of open-source software security - Brookings Institution