The White House Is Worried About Open Source Software Security

A flaw found in a popular piece of software illustrates one danger of volunteer-run development projects.

Illustration: Marcelo Lavin for Bloomberg Businessweek

Vincenzo Chianese thought he was doing a public service in 2017 when he helped publish a piece of software called Express Gateway, which consists of 22,554 lines of JavaScript code that aids in communication between software programs. Anyone could download Express Gateway for free and integrate it into their own products. As people did, a growing number found what they thought were flaws, and they turned to Chianese to complain and request repairs.

Chianese had built the code while working for a startup called LunchBadger Inc., where maintaining Express Gateway was part of his job. The company shut down in 2019, and he was faced with the prospect of keeping up the project by himself. Overwhelmed, Chianese sought help from well-known organizations that were using Express Gateway, including Dell Technologies Inc. and FIFA, the global soccer organization. “I said, ‘Hey, this is a situation,’” he says. “Their response was essentially zero.” Dell and FIFA didn’t respond to emails seeking comment.