Cybersecurity — and specifically software provenance, assurance, and supply chain trust — has gained the attention of governments around the globe. For example, on May 12, 2021, President Biden released an Executive Order (EO) on Improving the Nation’s Cybersecurity that aims to counter “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” In the European Union, the European Union Agency for Cybersecurity (ENISA) seeks “to achieve a high common level of cybersecurity across the Union in cooperation with the wider community.” However, with this increased global attention on cybersecurity, there is a risk that government policies (such as laws, regulations, guidelines, and reports issued by various institutions) could impose measures inconsistent with the development and use of open source software (OSS). Typically (but not always), this is unintentional and is due to a lack of understanding of how OSS is developed, distributed, and used.
OpenSSF supports groups and hosts events for members to collaborate on public policy matters.