The Biden administration on Thursday issued a Request for Information (RFI) seeking input on a federal strategy and action plan to strengthen the security of open-source software, which is widely used in federal systems, critical infrastructures, and military platforms.
The RFI, "Open-Source Software Security: Areas of Long-Term Focus and Prioritization," supports ongoing work by the Open-Source Software Security Initiative (OS3I), an interagency working group that is focusing public sector efforts on open-source software security. The RFI was issued by the Office of the National Cyber Director (ONCD), the Cybersecurity and Infrastructure Security Agency (CISA), the Defense Advanced Research Projects Agency (DARPA), and the Office of Management and Budget (OMB).
Established in 2021, the OS3I has identified three main focus areas: “reducing the proliferation of memory unsafe programming languages, designing implementation requirements for secure and privacy-preserving security attestations, and identifying new focus areas for prioritization,” says the RFI, which was published in the Federal Register.
The ONCD, CISA, DARPA and OMB seek responses in several potential focus areas and related sub-areas. Focus areas include secure open-source software foundations, sustaining open-source software communities and governance, research and development and innovation, and international collaboration.
Responses are due by Oct. 9. The RFI stems from the administration’s National Cybersecurity Strategy, which directed investments in secure software.