August 24-25, 2022
The goal of this virtual workshop is to bring together stakeholders from the open-source software (OSS) community, the private sector, academia, and the U.S. Government to improve the security of the open-source software ecosystem. The workshop will consist of a combination of invited talks, panels, and breakout sessions. It is designed to generate ideas and broad discussion around possible approaches to investing in the security of open-source software, while also prioritizing discussion of specific focus areas.
The workshop will specifically focus on recommendations for making progress in the following three topic areas:
- Memory-Safe Programming Languages (focusing on ways to increase their adoption in OSS)
- Software Dependency Management
- Behavioral & Economic Incentives to Secure the Open-source Software Ecosystem (Developers’ practices, team dynamics, and projects)
The recommendations generated by the workshop may cover U.S. Government Research and Development (R&D) investment (including potentially sponsoring a Grand Challenge), acquisition practices, policy and legal issues, and other mechanisms through which OSS security may be improved for all. The workshop findings and recommendations have been distilled into a report, published on 30 September 2022.
This workshop is intended to benefit the United States by investing in the shared open-source software infrastructure that the public and private sectors both rely on, and by addressing challenges that span the global software community. The workshop is in direct support of the U.S. Open Source Security Initiative’s LOE1 (“Enhance and Invest in Secure and Transparent OSS Development”), which is co-chaired by the White House (OMB) and the NSF.