White House wants your input on open source software security

Brief

The White House Office of the National Cyber Director has issued a request for information on open source software security.

Dates

• Responses are due by 5:00 p.m. EDT on October 9, 2023.
• By August 28, 2023, the Government will post responses to select questions on www.regulations.gov, as appropriate.

Key excerpts

From the White House fact sheet:

ONCD has established an Open-Source Software Security Initiative (OS3I) to champion the adoption of memory safe programming languages and open-source software security. The security and resiliency of open-source software is a national security, economic, and a technology innovation imperative. Because open-source software plays a vital and ubiquitous role across the Federal Government and critical infrastructure, (1) vulnerabilities in open-source software components may cause widespread downstream detrimental effects. The Federal Government recognizes the immense benefits of open-source software, which enables software development at an incredible pace and fosters significant innovation and collaboration. In light of these factors, as well as the status of open-source software as a free public good, it may be appropriate to make open-source software a national public priority to help ensure the security, sustainability, and health of the open-source software ecosystem.

From the RFI:

The RFI aims to further the work of OS3I by identifying areas most appropriate to focus government priorities, and addressing critical questions such as:

• How should the Federal Government contribute to driving down the most important systemic risks in open-source software?
• How can the Federal Government help foster the long-term sustainability of open-source software communities?
• How should open-source software security solutions be implemented from a technical and resourcing perspective?

We hope that potential respondents will view this RFI as a civic opportunity to help shape the government’s thinking about open-source software security.

Contact

• Nasreen Djouini
• Email: OS3IRFI@ncd.eop.gov
• Phone: 202–881–4697

Reference

• Fact Sheet: Office of the National Cyber Director Requests Public Comment on Open-Source Software Security and Memory Safe Programming Languages
• Request for Information on Open-Source Software Security: Areas of Long-Term Focus and Prioritization