AVOIDING THE SUCCESS TRAP: Toward Policy for Open-Source Software as Infrastructure
9 February 2023
By Stewart Scott, Sara Ann Brackett, Trey Herr, and Maia Hamin with the Open Source Policy Network

The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology. [...] This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. [...]

Develop an OSS Best Practices framework through NIST that incorporates risk assessments and contribution back to the OSS ecosystem. [...] and long-lasting investments in the security and maintenance of OSS code and the health and size of OSS [...]

The mindset of putting out a fire in open source, without critically reevaluating the relationship between OSS developers and consumers as well as the need for material acknowledgment of the importance of open-source code, threatens the long-term sustainability and security of OSS. [...]

“it is the policy of this State…To manage conjunctively the appropriation, use, and administration of all waters of this State, regardless of the source of the water.”56 [...]

Instead of expecting open-source software to be perfectly stable, well-maintained, and fully secure upon import, OSS consumers can continue to take more responsibility for their usage and all its benefits, consequences, and atte.