Signal 2024.09.03

What's on our radar.

By Luke Fretwell · September 3, 2024

White House sums up SOSS RFI 🍝

The White House summarized input from an open source software security request for information.

  • A National Cyber Director and Open-Source Software Security Initiative collab.

Some themes:

  • Advance research and development
  • Secure package repositories
  • Partner with open source communities
  • Software bill of materials
  • Strengthen software supply chain
  • Open source program office
  • Assign vulnerability severity metrics
  • Increase education and training
  • Expand international collaboration
  • Advance public-private partnerships

Software dependency solicitation 💰

The U.S. Department of Homeland Security Silicon Valley Innovation Program announced a software artifact dependency graph solicitation.

  • “To better understand, manage, and reduce risk to the software that powers cyber and physical infrastructure.”
  • “provides selected companies each with up to $1.7 million in non-dilutive funding over four phases to develop and adapt commercial technologies for homeland security use cases”
  • Deadline Dec. 16

SVIP Managing Director Melissa Oh:

  • “Through this partnership with startups working with the open source software community, we hope to advance public progress toward greater visibility and transparency of the global software supply chain.”

CISA Section Chief for Open Source Software Security Aeva Black:

  • “Scaling artifact dependency graph generation will improve open source ecosystems’ secure by design practices and empower network defenders to more easily and more accurately respond to emerging vulnerabilities.”

CISA on SOSS 🎙️

CISA’s Aeva Black gives a public sector take on open source security on the What’s in the SOSS? podcast.

Black:

  • “The burden of securing open source — its ongoing maintenance, its testing, quality assurance, getting signing — to make open source continue to be deserving of the trust we’ve all placed in it that can’t rest solely on unfunded volunteers.”
  • “Companies have to participate, shoulder up and help.”

OSPOs for good 🫶

OSPOs for Good 2024 highlights from OpenSSF:

  • “Adoption of open source in public administration emerged as a key trend with discussions focusing on how governments and municipalities can leverage open source to improve public services and foster innovation.”

Foundation for Public Code President Ben Cerveny:

  • “Public software is a process that requires ongoing orchestrated collaboration between public administrations.”

Philippe Bareille, City of Paris:

  • “A public sector administration project such as Lutece at the City of Paris is an important professionalizing project for students looking to get involved in a project that can have an impact on their lives as citizens.”
  • “We encourage higher education establishments specializing in IT to offer professional open source courses.”

Regulating with the people ⚖️

The White House Office of Information and Regulatory Affairs shared (.pdf) how agencies engage with the public in the regulatory process.

Key themes:

  • Early engagement
  • Robust public comment process
  • Participation from affected communities, including underserved communities
  • How the agency took public input into account

OIRA Associate Administrator Sam Berger:

  • “Public input makes the regulatory process work better.”
  • “Agencies can be more responsive to public needs, rules can benefit from a wide range of inputs, and members of the public can see how their voices make a difference.”

Public backlogs, roadmaps 🗺️

A new tool lists public backlogs and roadmaps from “public sector organisations around the world.”

Public Digital’s Ross Ferguson (blog):

  • “Public backlogs and roadmaps are an indication that a team or an organisation has a good culture based on taking pride in their work”
  • “that they approach things iteratively powered by feedback”
  • “that they are taking good care of the public money they have been entrusted with in order to deliver public benefits”
  • “that first and foremost they care about engaging the users of their product or service and their needs”

Poor Richard’s hack 🪁

DEF CON Franklin is building a cyber volunteer task force.

  • “will connect with and support communities that are at gravest risk and least protected from growing attacks, such as water utilities and K-12 school districts”

DEF CON organizer and University of Chicago policy lecturer Jake Braun:

  • “We find a utility or school district that’s interested, we find somebody who makes sense to be their volunteer, but then we stay involved for like a month or two to help them figure out what to ask for.” (NBC News)

National Rural Water Association CEO Matt Holmes:

  • “This is the kind of common-sense, hands-on approach that we know works in rural and small town America. We are excited to partner with them and bring our collective expertise to bear on this challenge.” (NBC News)

Don’t call it a comeback 🐮

Hacking icon Peiter Zatko (aka Mudge) returns to DARPA as chief information officer.

Mudge:

  • “I’m back”

DARPA:

  • “His track record of creativity in addressing critical cybersecurity and IT modernization challenges, as well as his experience as a former program manager, make him well-suited to our unique environment.”

Up vote 🗳️

Vote.gov got an upgrade:

  • More languages
  • Accessibility enhancements
  • More voting/registration info

GSA:

  • “More exciting improvements to come, including a tool to make it easier to fill out the National Mail Voter Registration Form.”

New open gov website 💻

The U.S. Open Government Secretariat has a new website.

What the secretariat does:

  • “leads our nation’s involvement in the Open Government Partnership and works to strengthen public engagement”

Hack Congress 🏛️

Congressional Hackathon 6.0 is September 19 at the U.S. Capitol.

  • “Where technologists meet policymakers and work on how to innovate Congress.”
  • “Members of Congress, Congressional staff, Legislative Branch agency staff, open government and transparency advocates, civic hackers, and developers from digital companies.”

Tech talent toolkit 🧰

U.S. Digital Response built a talent toolkit “for attracting, developing, and retaining a high-performing digital service workforce.”

  • Gives government “best practices, practical examples, and downloadable templates to attract and nurture technologists, including product managers, designers, and software engineers.”

‘Better government, one form at a time’

FormFest 2024 wants your session proposal.

  • A Code for America and Beeck Center for Social Impact + Innovation collab.

CfA CEO Amanda Renteria:

  • “When done well, forms make critical services more accessible and inclusive—transforming how people interact with government.”

Beeck Executive Director Lynn Overmann:

  • “Forms play an outsized role in helping families and workers apply for government programs that can help them put food on the table, obtain health care, or find stable housing.”

Grace talks 🧑‍💻

The National Security Agency posted a video of Grace Hopper speaking to the agency in 1982.

Fun fact 🎉

Onion routing, the technique at the core of Tor, was created by the U.S. Naval Research Laboratory. (Wikipedia)

Got tips? 📫

  • Topics: tech, design, open source, data, security, blockchain, AI, civic hacking
  • Send to: signal@govfresh.com
  • Subject: ‘Signal tip’
