Fact Sheet: Office of the National Cyber Director Requests Public Comment on Open-Source Software Security and Memory Safe Programming Languages
Today, the White House Office of the National Cyber Director (ONCD), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), the National Science Foundation (NSF), the Defense Advanced Research Projects Agency (DARPA), and the Office of Management and Budget (OMB), is announcing a Request For Information (RFI) on open source software security and memory safe programming languages. The RFI builds on the commitment the Administration made in the National Cybersecurity Strategy, “to invest in the development of secure software, including memory-safe languages and software development techniques, frameworks, and testing tools.” The RFI also advances initiative 4.1.2 of the National Cybersecurity Strategy Implementation Plan.
In addition to its many benefits, the ubiquity of open-source software in commercial products, government systems, and military platforms presents unique security risks. For this reason, the White House established the Open-Source Software Security Initiative (OS3I), an interagency working group with the goal of identifying policy solutions and channeling government resources to foster greater open-source software security across the ecosystem. By working with other interagency partners, OS3I identified several focus areas, including (i) increasing the proliferation of memory safe programming languages; (ii) designing implementation requirements for secure, privacy-preserving security attestations; and (iii) identifying and promoting focused areas for prioritization.
This RFI seeks public and private sector input as federal leadership develops its strategy and action plan to strengthen the open-source software ecosystem. ONCD, CISA, NSF, DARPA, and OMB are seeking input from stakeholders to develop and implement long-term and sustainable policy solutions.
Responses are due by 5:00 p.m. EDT on November 8, 2023.