White House National Cyber Director requests feedback on open-source software security

Officials are calling on private industry, as well as other stakeholders, to provide information about potential policy solutions.

The White House’s National Cyber Director — in collaboration with other federal agencies, including the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency — announced on Monday that it’s seeking feedback on open-source software security and memory-safe programming languages.

Federal officials are hoping to advance national cybersecurity goals and focus on the risks raised by the ubiquitous presence of open-source software. Now, officials have issued a request for information from private industry, as well as other stakeholders, on potential policy solutions. Responses are due at 5 PM on October 9, 2023.

“In addition to its many benefits, the ubiquity of open-source software in commercial products, government systems, and military platforms presents unique security risks,” said a White House press release publicized on Thursday. “Open source software brings unique value, and has unique security challenges, because of its breadth of use and the number of volunteers.”

The Biden administration has repeatedly highlighted security concerns raised by open-source software, which, as officials have pointed out, is sometimes used by the national security community. Notably, the Open-Source Software Security Initiative, a White House-led project, has identified several priorities, including “increasing the proliferation of memory safe programming languages,” “designing implementation requirements for secure, privacy-preserving security attestations,” and “identifying and promoting focused areas for prioritization.”


Last week, the White House said it would launch a Defense Advanced Research Projects Agency competition focused on using artificial intelligence to fix bugs created, in particular, by open-source software.

Written by Rebecca Heilweil

Rebecca Heilweil is an investigative reporter for FedScoop. She writes about the intersection of government, tech policy, and emerging technologies. Previously she was a reporter at Vox's tech site, Recode. She’s also written for Slate, Wired, the Wall Street Journal, and other publications. You can reach her at Message her if you’d like to chat on Signal.
