Since the discovery of the Log4Shell vulnerability in 2021, the Biden-Harris Administration has fortified its commitment to secure the open-source software ecosystem. In March 2023, the Biden-Harris Administration released the National Cybersecurity Strategy (NCS), which stated, “in partnership with the private sector and the open-source software community, the Federal Government will also continue to invest in the development of secure software, including memory-safe languages and software development techniques, frameworks, and testing tools.” This commitment laid the foundation for the Office of the National Cyber Director (ONCD) to foster improved security in open-source software development practices through the 2023 NCS Implementation Plan Initiative 4.1.2, “Promote open-source software security and the adoption of memory-safe programming languages.”
The NCS Implementation Plan expands and matures the role of the Open-Source Software Security Initiative (OS3I). The OS3I convenes Federal agencies and considers input from the open-source software community, civil society, and private sector stakeholders across the open-source software landscape to deliver policy solutions to secure and defend the open-source software ecosystem. This End of Year Report is a product of the OS3I Working Group. The Report begins by providing background on the significance of open-source software, its ecosystem, and inherent challenges. Next, the report recaps the progress made by the OS3I on key 2023 deliverables in each of the aforementioned key areas. The report concludes with prospects for OS3I work in 2024.
Published in: United States of America