ONCD/CISA Have A Request For Information On Open Source security

The ONCD / CISA has issued a Request for Information on security areas in open source software, and is seeking insights on their long-term focus and prioritization:

The security and resiliency of open-source software is a national security, economic, and a technology innovation imperative. Because open-source software plays a vital and ubiquitous role across the Federal Government and critical infrastructure, vulnerabilities in open-source software components may cause widespread downstream detrimental effects. The Federal Government recognizes the immense benefits of open-source software, which enables software development at an incredible pace and fosters significant innovation and collaboration. In light of these factors, as well as the status of open-source software as a free public good, it may be appropriate to make open-source software a national public priority to help ensure the security, sustainability, and health of the open-source software ecosystem.

Allen Drennan, Co-Founder & Principal, Cordoniq, had this comment on this initiative:

It is critical that we prioritize the primary open-source security software infrastructure that runs the Internet. A significant portion of the Internet uses open-source security stacks such as OpenSSL for cryptography and PKI for both clients and servers, and history has shown that major vulnerabilities in these components have widespread implications (think Heartbleed). Ideally ONCD and CISA need to derive an overall plan that not just involves how to identify and rectify issues in open source security stacks; it needs to come up with a plan to react to issues in the event they arise so widespread malware attacks can be mitigated.

Open source software can’t become the Wild West, as that will simply end badly. Thus, this is a good move to make sure that does not happen and that open source software can be used safely regardless of the use case.
