White House wants your input on open source software security

"We hope that potential respondents will view this RFI as a civic opportunity to help shape the government's thinking about open-source software security."

By GovFresh · August 18, 2023


The White House Office of the National Cyber Director has issued a request for information on open source software security.


  • Responses are due by 5:00 p.m. EDT on October 9, 2023.
  • By August 28, 2023, the Government will post responses to select questions on www.regulations.gov, as appropriate.

Key excerpts

From the White House fact sheet:

ONCD has established an Open-Source Software Security Initiative (OS3I) to champion the adoption of memory safe programming languages and open-source software security. The security and resiliency of open-source software is a national security, economic, and a technology innovation imperative. Because open-source software plays a vital and ubiquitous role across the Federal Government and critical infrastructure, vulnerabilities in open-source software components may cause widespread downstream detrimental effects. The Federal Government recognizes the immense benefits of open-source software, which enables software development at an incredible pace and fosters significant innovation and collaboration. In light of these factors, as well as the status of open-source software as a free public good, it may be appropriate to make open-source software a national public priority to help ensure the security, sustainability, and health of the open-source software ecosystem.

From the RFI:

The RFI aims to further the work of OS3I by identifying areas most appropriate to focus government priorities, and addressing critical questions such as:

  • How should the Federal Government contribute to driving down the most important systemic risks in open-source software?
  • How can the Federal Government help foster the long-term sustainability of open-source software communities?
  • How should open-source software security solutions be implemented from a technical and resourcing perspective?

We hope that potential respondents will view this RFI as a civic opportunity to help shape the government’s thinking about open-source software security.




Submit your comments

