White House National Cyber Director requests feedback on open-source software security
The White House’s National Cyber Director — in collaboration with other federal agencies, including the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency — announced on Monday that it’s seeking feedback on open-source software security and memory-safe programming languages.
Federal officials are hoping to advance national cybersecurity goals and focus on the risks raised by the ubiquitous presence of open-source software. Now, officials have issued a request for information from private industry, as well as other stakeholders, on potential policy solutions. Responses are due at 5 PM on October 9, 2023.
“In addition to its many benefits, the ubiquity of open-source software in commercial products, government systems, and military platforms presents unique security risks,” said a White House press release publicized on Thursday. “Open source software brings unique value, and has unique security challenges, because of its breadth of use and the number of volunteers.”
The Biden administration has repeatedly highlighted security concerns raised by open-source software — which, as officials have pointed out — is sometimes used by the national security community. Notably, the Open-Source Software Security Initiative, an White House-led project, has identified several priorities, including increasing the proliferation of memory safe programming languages,” “designing implementation requirements for secure, privacy-preserving security attestations,” and “identifying and promoting focused areas for prioritization.”
Last week, the White House said it would launch a Defense Advanced Research Projects Agency competition focused on using artificial intelligence to fix bugs created, in particular, by open-source software.
