Today, as part of President Biden’s National Cybersecurity Strategy (NCS), the Office of the National Cyber Director published the 2023 End of Year Report on the Open-Source Software Security Initiative (OS3I). The report details the critical work over the last year to continue the President’s commitment to secure the full benefits of a safe and secure digital ecosystem for all Americans.
The NCS commits that “in partnership with the private sector and the open-source software community, the Federal Government will also continue to invest in the development of secure software, including memory-safe languages and software development techniques, frameworks, and testing tools.” This commitment was further solidified in the NCS Implementation Plan which included a direction to “promote open-source software security and the adoption of memory-safe programming languages” among the over 65 high-impact Federal initiatives. The NCS Implementation Plan expands and matures the role of the OS3I, which convenes Federal departments and agencies and considers input from the open-source software community, civil society, and private sector stakeholders across the open-source software landscape to deliver policy solutions to secure and defend the ecosystem.
The 2023 End of Year Report details the significance of open-source software, its ecosystem, and inherent challenges. It also reflects the progress made by the OS3I on key 2023 deliverables. In 2023 the OS3I focused on four key areas:
1. Unifying the Federal Government’s voice on open-source software security;
2. Establishing a strategic approach for the Federal Government’s secure use of open-source software and efforts to secure the broader ecosystem;
3. Advancing President Biden’s Invest in America agenda by encouraging long-term, sustained security investment in the open-source software ecosystem; and
4. Engaging and building trust with the open-source software community.
As articulated in the NCS, the Biden-Harris Administration is committed to long-term planning and collaboration with the open-source software community to achieve a more defensible and resilient digital ecosystem. Coordinated by the Office of the National Cyber Director, the work of the OS3I in 2024 is already underway.
Read the full Open-Source Software Security Initiative End of Year Report here.
Read the full National Cybersecurity Strategy here.
Read the full National Cybersecurity Strategy Implementation Plan here.