Toward Policy for Open Source Software as Infrastructure
canopic jug writes:
The Atlantic Council has published a policy report entitled "Avoiding the success trap: Toward policy for open-source software as infrastructure". It addresses the idea of Open Source Software (OSS) as essential infrastructure. OSS differs from physical infrastructure yet supports critical functions, provides dependable services, offers subtle and often unseen service delivery, and functions through decentralized control.
This report aims to develop tangible example policies for the United States and European Union to support OSS as infrastructure and point policymakers toward existing policy vehicles that government can readily modify and adopt to better support and engage with the OSS ecosystem. The report does not seek to make definitive statements about what open source is or is not through these analogies. Rather the goal is to capture a snapshot of its most essential features and most consequential participants. Any of the analogies can be extended far past usefulness, and policymakers should approach each keeping in mind the essential truth that, while all models are wrong, some (including, we believe, these) are useful, nonetheless. Before diving into the analogies though, this report looks to discuss the open-source ecosystem as it is, highlighting key principles and addressing common misconceptions.
[...] None of this report reflects a belief that OSS is inherently insecure, but rather that it is uniquely central to modern digital systems and that relationships with the OSS community are necessarily, and substantively, different than those government has grown accustomed to with industry and industry within itself. Sustainable use emphasizes the user responsibility for much of the risk associated with software use, including OSS, and addresses OSS-specific features of development and contribution possibly only with open-source code. Addressing systemic risk is an important step for policy efforts to support the security and sustainability of OSS projects with an accurate picture of the considerable interdependency between code bases. Finally, governments must step up to support OSS as the infrastructure that it is. These resources should come alongside expanded private sector support and can manifest in targeted formats as well as a more general support model, the OSS Trust. OSS is infrastructure, and the provision of support for it as such will permit more rapid adoption and considerable innovation in even critical domains of economic and government activity.
So it seems that the establishment continues to turn its jaundiced eye towards software development.
Previously:
(2023) Opinion: FOSS Could be an Unintended Victim of EU Security Crusade
(2022) Honoring Peter Eckersley, Who Made the Internet a Safer Place for Everyone
(2022) Open Source Community Sets Out Path to Secure Software