ICANN report: DNS runs on FOSS

ICANN's Security andStability Advisory Committee (SSAC) has announceda reporton "the critical role of Free and Open Source Software (FOSS)within the Domain Name System (DNS)". The report is aimed atpolicymakers and examines recent cybersecurity regulations in the US,UK, and EU as they apply to FOSS in the DNS system; it includesfindings and guidelines "to strengthen the FOSS ecosystem that iscritical to the secure and stable operation of the Internet". Fromthe report's summary:

This ecosystem depends on a global network of maintainers andcontributors who are often unpaid volunteers. While many are unpaidvolunteers, the DNS space is unique in also relying on a handful oflong-lived maintenance organizations. This creates a model based oncommunity collaboration rather than the commercial contracts thatdefine a traditional software supply chain, which introduces uniquerisks related to financial sustainability for the maintenanceorganizations and maintainer burnout for volunteers.

These unique characteristics mean that regulatory frameworksdesigned for proprietary software may not be well-suited for FOSS andtherefore could have severe unintended consequences to the stabilityof critical Internet infrastructure.

Thanks to SSAC member Maarten Aertsen for the tip.