#SOOCon23: Global Cooperation Needed to Enhance Open Source Software Security

Greater international cooperation is needed to preserve the benefits of open source software while making it more secure, according to a panel of policy makers at the State of Open Con 23 conference in London, UK.

Work on open source software is already underway in the US federal government, said Camille Stewart Gloster of the White House’s Office of the National Cyber Director (ONCD). The effort began with President Joe Biden’s Zero Trust Executive Order (EO) in May 2021, issued in response to the SolarWinds supply chain attack in late 2020.

One aspect of this EO was to better understand the products and companies within the federal supply chain. For example, software vendors are required to provide a software bill of materials (SBOM) as part of the federal procurement process.


But the EO is “only the beginning” of federal initiatives on open source, commented Stewart Gloster. The White House recognizes that “software is a key component of the supply chain.”

She said the government is now working with industry to identify other ways it can support the open source community in strengthening cybersecurity. One notable area the government has identified is reducing the use of memory-unsafe languages. Stewart Gloster said that using memory-safe programming languages reduces security vulnerabilities by “up to 70%.”

The Biden administration is seeking to ensure that the federal government is made up of people with diverse skills and backgrounds, including technologists and engineers, so that it can truly understand the impact of policies in areas such as open source, she added.

“At ONCD, we have been very focused on how we evolve towards a secure and resilient digital ecosystem,” she said.

Part of this process is to “refine the role” of the federal government in open source security. Stewart Gloster stressed that the administration “wants to get information from the community itself” and that “the government shouldn’t do everything.”

Salem Avan, Director of Policy, Strategy and Governance at the United Nations, emphasized the need for a strong focus on synergies and a global common purpose, building on open source development as well as on efforts in areas such as human rights and the environment.

Creating a “baseline of what we can work on,” Avan said, is essential.

However, he acknowledged the difficulty of finding consensus on digital issues among the 193 UN Member States. Cooperation in this area must start at the regional level and center around specific projects, he said.

“If we can get to that space, I think we can start building the different layers that open source needs in a global way, and maybe from there we can start building a bigger coalition and consensus,” he commented.

He added that among developing countries, legal frameworks are often not currently in place to enable the safe and proper use of technologies like open source software.

Mike Bracken, a founding partner of Public Digital, was enthusiastic about the enormous benefits and possibilities that open source software offers, especially when it comes to rapid innovation and creativity. He warned that governments risk a “rock collection” over the issue, which could stifle innovation.

Rather than mimicking the kinds of regulations developed in other areas of technology, governments should emphasize how open source can be actively used to deliver public policy, Bracken said.

He added that using open source can prevent supply chain software from being controlled by a small number of technology vendors.
