19 May 2022

Strengthening digital infrastructure: A policy agenda for free and open source software


In May of 2022, the first follow-up meeting was held; it identified 10 areas of focus to improve OSS security, provided specific plans of action, and called for $150 million in funding over two years. Importantly, such insight would be particularly valuable in the context of the “right to repair,” which was promoted as part of last year’s Executive Order on competition, such that companies would be able to upgrade to a patched version of a vulnerable software component. Given the nature of FOSS as a public good (like roads and bridges), it only makes sense for the U.S. government to invest in its security to ensure the digital infrastructure of the modern economy is stable, enabling businesses and individuals to continue building upon it as they have done for decades. As mentioned above, in response to the Log4Shell vulnerability, the White House NSC sponsored a multi-party meeting including representatives from government, the private sector, and nonprofit FOSS organizations. By measuring and understanding the FOSS ecosystem, enhancing its positive economic impact, and securing it with the policy recommendations above, we can help pave the way for a U.S. economy that is more innovative, more competitive, and more resilient than ever before.

Source: Brookings