Bill S4913 was introduced in the Senate last week. “To establish the duties of the Director of the Cybersecurity and Infrastructure Security Agency regarding open source software security, and for other purposes.” It elevates the importance of OSPOs and mentions academic ones by noting that open source software fosters technology development and is an integral part of overall cybersecurity.
By stating that open source software is part of the foundation of digital infrastructure that promotes a free and open internet, and that the Federal Government should play a supporting role in ensuring the long-term security of open source software, the sponsors plan to establish a Director position focused on outreach to, support for, and strengthening of the open source community.
“(1) IN GENERAL.—The Director shall—
“(A) perform outreach and engagement to bolster the security of open source software;
“(B) support Federal efforts to strengthen the security of open source software;
“(C) coordinate, as appropriate, with non-Federal entities on efforts to ensure the long-term security of open source software;
“(D) serve as a public point of contact regarding the security of open source software for non-Federal entities, including State, local, Tribal, and territorial partners, the private sector, international partners, open source software organizations, and open source software developers; and
“(E) support Federal and non-Federal supply chain security efforts by encouraging efforts to bolster open source security, such as—
“(i) assisting in coordinated vulnerability disclosures in open source software components pursuant to section 2209(n); and
“(ii) supporting the activities of the Federal Acquisition Security Council.