Response to Office of National Cyber Director Request for Comment on Open-Source Software Security and Memory Safe Programming Languages
Abstract
The Software Engineering Institute (SEI) at Carnegie Mellon University is a Federally Funded Research and Development Center (FFRDC) that is committed to the advancement of practice in software engineering and cybersecurity. Open-Source Software (OSS) provides significant opportunities for the global community of programmers, software developers, and customers by providing mostly useful, prepackaged algorithms and coded programs that enable rapid development of all varieties of applications. Unfortunately, those benefits may be offset by risk exposure for consumers who may be unaware of malicious and non-malicious elements found within the products used. This document captures the response of the SEI to the United States White House Open-Source Software Security Initiative (OS3I) request for information that was issued in August 2023. In summary, the SEI recognizes the greatest value and priority for the United States Government (USG) to focus upon Secure OSS Foundations along with OSS Communities and Governance, followed by the other areas provided. Finally, the SEI shares some additional contributions to novel policy and economic considerations.
Document Details
- Document Type: Technical Report
- Publication Date: Oct 01, 2023
- Accession Number: AD1214435
Entities
People
- Brett Tucker
- Hasan Yaşar
- Joseph Yankel
- Robert Schiela
- Scott A. Hissam
Organizations
- Carnegie Mellon University