Securing Open-Source Software
2022-07-27 12:03

Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards.

Given open source's value as a public asset, an institutional structure must be built that sustains and secures it.

Open-source code has been called the "roads and bridges" of the current digital infrastructure that warrants the same "focus and funding." Eric Brewer of Google explicitly called open-source software "critical infrastructure" in a recent keynote at the Open Source Summit in Austin, Texas.

Germany wants to treat open-source software as a public good and launched a sovereign tech fund to support open-source projects "just as much as bridges and roads," and not just when a bridge collapses.

The European Union adopted a formal open-source strategy that encourages it to "explore opportunities for dedicated support services for open source solutions [it] considers critical."

Designing an institutional framework that would secure open source requires addressing adverse incentives, ensuring efficient resource allocation, and imposing minimum standards.


News URL

https://www.schneier.com/blog/archives/2022/07/securing-open-source-software.html