
Panel Discussion: Summing Up the Summit: OpenSSF’s May 2022 Gathering and Action Plan

2022-06-22

Authors: David Wheeler, Brian Behlendorf, Trey Herr, Amelie Koran


Summary

The panel discussion summarizes the OpenSSF summit held in May 2022, which aimed to develop a mobilization plan for securing the open source ecosystem. The discussion focuses on the attitudes and progress of open source software security in the federal government and the input of developers and maintainers to the OpenSSF summit and mobilization plan.
  • The panelists introduce themselves and their backgrounds in technology and policy.
  • The Cyber Statecraft Initiative at the Atlantic Council has been working on software supply chain issues since 2019 and is collaborating with OpenSSF to bring more policy attention to open source security.
  • The OpenSSF mobilization plan includes ten work streams that prioritize different areas of open source security.
  • The panelists discuss the importance of prioritization and government demand signals in the mobilization plan.
  • The panelists also emphasize the need for more community engagement and volunteer contributions to the work streams.
  • The panelists reflect on the historical context of open source security and on the usefulness of an SBOM (software bill of materials) in incident response, where knowing which components a system contains is the first step in scoping exposure to a newly disclosed vulnerability.
The panelists recall the Heartbleed incident in 2014 as a wake-up call for the importance of open source security. Awareness of open source software and its security has increased since then, but more awareness and engagement are still needed from both government and community stakeholders.

Abstract

Join representatives from the Atlantic Council’s Cyber Statecraft Initiative and OpenSSF for a discussion about the summit held by OpenSSF in Washington DC on May 12 and 13, assembling representatives from industry and government to develop its mobilization plan for better securing the open source ecosystem. This discussion will pay special attention to attitudes toward and progress on open source software security in the federal government and the input of developers and maintainers to the OpenSSF summit and mobilization plan.

