Since open source software serves as the foundation for many commercial technology goods and services, the Biden administration has placed a strong emphasis on enhancing its security and sustainability.
This year, the Cybersecurity and Infrastructure Security Agency will step up efforts to increase transparency and visibility in the software and technology supply chains, with a variety of initiatives building toward what the agency’s executive director refers to as “cyber safety.”
For example, CISA and the Science and Technology Directorate of the Department of Homeland Security are planning studies to examine the usage of open source software in key infrastructure sectors. At a GitHub-sponsored event on January 10 at the Center for Strategic and International Studies, senior advisor and strategist Allan Friedman from CISA made a statement.
An open source summit involving leaders from government organisations, major technology companies, and open source software foundations was held at the White House in January of last year.
While the majority of open source operations take place outside of agency boundaries, according to Friedman, the government can step in when “huge resources aren’t accessible today,” such as when it comes to essential infrastructure.
“So understanding, what are the massive public goods where government is needed to both write checks and help coordinate, is going to be a key part moving forward and advancing the agenda to support open source and support sustainability,” Friedman states.
One aspect of the Biden administration’s focus on cybersecurity is open source software. In a panel discussion last week at the Consumer Electronics Show in Las Vegas, Nevada, CISA Director Jen Easterly raised a concern about “decades of insecure technological design.”
Efforts to increase agency exposure in the software and technology sector are actively pursued. The Software Bill of Materials concept is being promoted by Friedman and his colleagues at CISA, and the White House plans to introduce a national cybersecurity labelling programme for some Internet-connected products this spring.
In the global technology ecosystem, where top tech firms frequently construct their proprietary products using a patchwork of open source code maintained by people from all over the world, Friedman emphasised the necessity for projects that take into consideration various viewpoints and objectives.
Friedman cautioned that revealing the truth will lead to some unsettling discoveries as CISA and other organisations continue to investigate technological weaknesses.
