The Office of the National Cyber Director has released the summary report on the request for information it issued in 2023 to solicit recommendations on which areas should be prioritized to properly secure the open-source software, or OSS, ecosystem.
The report consolidates the feedback that was received from the OSS community, the ONCD said Friday. The feedback covered five areas, namely: secure OSS foundations; sustaining OSS communities and governance; behavioral and economic incentives to securing the OSS ecosystem; research and development; and international collaboration.
Feedback that did not fall under these groups was classified under a general sixth category named “other.”
Based on the comments, the public agreed on, among other things, the need to use memory-safe programming languages; investment in education to develop a workforce versed in programming; strong contributions from the federal government, including participation in standards-setting, incentives that promote ecosystem safety, and collaboration with international partners; and the need for better vulnerability disclosure mechanisms.
The RFI was issued in light of the growing use of OSS, as promoted by the National Cybersecurity Strategy, and the increasing cyber threat accompanying it.
“It is imperative to bolster the security and resilience of the open-source software ecosystem while preserving the key features that foster innovation and economic prosperity,” the report said.