
Senate Intel chair urges national cyber director to safeguard against open-source software threats

Sen. Tom Cotton speaks on the Senate floor on December 17, 2025. (Senator Tom Cotton / YouTube)

By Tim Starks

Senate Intelligence Committee Chairman Tom Cotton is raising the spectre of foreign adversaries playing too heavy a role in open-source software, and asking the national cyber director to counter the risks.

The Arkansas Republican wrote to National Cyber Director Sean Cairncross Thursday, saying he was concerned about reports that “state-sponsored software developers and cyber espionage groups have started to exploit this communal environment, which assumes that contributors are benevolent, to insert malicious code into widely used open source codebases.”

Cotton cited last year’s alarms about a shadowy suspected nation-state hacker, Jia Tan, inserting a backdoor into a beta version of the compression utility XZ Utils. He also noted a Russia-based developer being the sole maintainer of a piece of open-source software (OSS) that’s in Defense Department software packages, and citations about Chinese tech companies Alibaba and Huawei being top OSS contributors.

Read more at CyberScoop
