Open source: the White House takes stock of security


The United States presidency believes it is making progress in its work to improve the security of open source software, and is publishing an end-of-year report on the efforts of its Open-Source Software Security Initiative (OS3I). The government recalls in this report that “since the discovery of the Log4Shell vulnerability in 2021, the Biden-Harris administration has reinforced its commitment to securing the open source software ecosystem”.

“Encourage investments”

In March 2023, this administration released its National Cybersecurity Strategy (NCS), asserting that “in partnership with the private sector and the open source software community, the federal government will continue to invest in the development of secure software.”

“In 2023, OS3I focused on four key areas:

1. Unify the federal government’s voice on open source software security.

2. Establish a strategic approach to the federal government’s secure use of open source software and efforts to secure the ecosystem as a whole.

3. Advance President Biden’s “Invest in America” agenda by encouraging sustained, long-term security investments in the open source software ecosystem.

4. Engage and build trust in the open source software community.”

OS3I is coordinated by the office of the National Cyber Director, attached to the President of the United States and created in January 2021.

“Open source software is a public good”

The report notes that “Americans rely on systems based on open source software. The advantages of open source software (…) have contributed to their omnipresence in hardware and software in almost every economic sector. Nearly every Internet of Things software application, website, mobile device, and equipment, including those used by small businesses, the federal government, and the national security community, incorporates open source software to enable rapid application development processes.”

“However, because the development of open source software is often decentralized and driven by volunteers, the adoption of best practices is not uniform,” notes the report, which then states:

“Given that open source software is a public good, ensuring its resilience is a technical necessity and a strategic imperative to protect and promote U.S. interests.”
