The United States government has released a summary report on last year’s Request for Information (RFI) on open source software, outlining key submissions, findings, and actionable recommendations to strengthen and secure the open source ecosystem.
The report details the following twelve activities that government agencies plan to address in the coming period:
- Advance research and development.
- Secure package repositories.
- Partner with open-source software communities.
- Promote further development and implementation of the use of Software Bill of Materials (SBOMs).
- Strengthen the software supply chain.
- Establish the first U.S. Government Open-Source Program Office (OSPO).
- Assign vulnerability severity metrics.
- Increase education and training tools.
- Expand international collaboration.
- Enhance security and replace components of legacy software.
- Advance public-private partnerships.
- Use formal methods.
“A significant step in the right direction”
In our response (submitted under the Dalewind Software name) to the RFI, we recommended that the United States establish a dedicated public fund to support the open source ecosystem, similar to the Sovereign Tech Fund in Germany, with a focus on scalability. We are pleased that the report specifically highlights our proposal in the Sustaining Open-Source Software Communities and Governance chapter.
The full report can be accessed via the following link:
Summary Of The 2023 Request For Information On Open-Source Software Security

