The Software Supply Chain Security Mobilization Plan and Google’s Assured Open-Source Software Initiative
Here at OODA Loop, during the recent spate of unprecedented Joint Cybersecurity Advisories (CSA), we praised CISA and the results of the Joint Cyber Defense Collaborative (JCDC) – which was launched only late last year. Overall, as OODA CTO Bob Gourley recently pointed out: “We are so pleased with the quality of work and the professionalism in recent reporting from our government agencies on the nature of the cyber threat.”
The May 2022 OODA Network Member Meeting ended with a discussion of recent developments at the White House – in partnership with major tech companies – regarding open-source software and code security, including the tech giants’ pledge of $30M to boost open-source software security. Much like the CISA/JCDC cybersecurity efforts, this commitment and collaboration also seem to be netting results at an unheard-of pace. Specifically, Google already has plans for a Q3 2022 release of open-source software libraries previously fully vetted by their security operation.