Fact Sheet: Biden-Harris Administration Releases Summary Report of 2023 RFI on Open-Source Software Security Initiative
August 9, 2024
Today, the White House Office of the National Cyber Director, in partnership with members of the Open-Source Software Security Initiative (OS3I), is publishing a summary report on the Request for Information (RFI): Open-Source Software Security: Areas of Long-Term Focus and Prioritization. This builds on the commitment the Administration made in the National Cybersecurity Strategy, “to invest in the development of secure software, including memory-safe languages and software development techniques, frameworks, and testing tools.”
This report harnesses the Biden-Harris Administration’s once-in-a-generation investment in our Nation’s infrastructure and competitiveness to deliver tangible outcomes. Through the President’s signature Bipartisan Infrastructure Law, the Department of Homeland Security is using dedicated funding to launch the Open-Source Software Prevalence Initiative (OSSPI). The OSSPI is intended to further our national understanding of the distribution of use of open-source software components in critical infrastructure, allowing the Federal Government and partners in the open-source community to strengthen the security of the open-source software ecosystem.
The RFI summary report consolidates submissions received from the open-source software community and details twelve activities that members of the OS3I plan—or have completed—in 2024-2025. These activities include: (1) Advance research and development; (2) Secure package repositories; (3) Partner with open-source communities; (4) Promote further development and implementation of the use of Software Bill of Materials; (5) Strengthen the software supply chain; (6) Establish the first U.S. Government Open-Source Program Office; (7) Assign vulnerability severity metrics; (8) Increase education and training tools; (9) Expand International Collaboration; (10) Enhance security and replace components of legacy software; (11) Advance public-private partnerships; and (12) Use formal methods.
The Biden-Harris Administration remains steadfastly committed to long-term planning and collaboration with the open-source software community to achieve a more defensible and resilient digital ecosystem for all Americans.
Read the full National Cybersecurity Strategy here.
Read the full OS3I End of Year Report here.
Read the full 2023 National Cybersecurity Strategy Implementation Plan here.
Read the full 2024 National Cybersecurity Strategy Implementation Plan here.
Read the full Back to the Building Blocks Report here.