Hi all, How would we respond to this request? Should anyone who wants to respond do so on personal title (mentioning their ASF affiliation), or do we want to try and make some kind of joint statement?
I've started drafting some of my thoughts in a doc at https://docs.google.com/document/d/1NU1ytkOeg6a3GnZVPJc8dzKMEmdFhWzKd82CzXXeK9w/edit?usp=sharing , though it's still rather rough. Arnout On Tue, Aug 15, 2023 at 5:04 PM Mark J Cox <m...@apache.org> wrote: > CISA contacted us to highlight an important request for comments on > memory-safe programming languages. Instead of rewriting their email, I've > quoted it below (with permission) > > Regards, Mark > > : > > > > OSS Colleagues, > > > > CISA would like to take this opportunity to flag the recent request for > information (RFI) released by the White House Office of the National Cyber > Director (ONCD) (in coordination with the Cybersecurity and Infrastructure > Security Agency (CISA), the National Science Foundation (NSF), the Defense > Advanced Research Projects Agency (DARPA), and the Office of Management > and Budget (OMB)). > > > > CISA recognizes the importance of the OSS community, and we are flagging > this RFI to ensure it is widely seen and shared with leading organizations > within OSS. As part of the U.S. federal government, we are seeking input > from OSS organizations and other private entities to help shape the federal > government’s strategy and action plan to strengthen the OSS ecosystem. > > > > Please feel free to further share this RFI with others in the community. > > > > Note, comments must be received by *5pm EST on October 9, 2023*. Responses > can be submitted either: > > > > 1. Through regulations.gov directly using the “Comment” button on the > top left of the site. > 2. Through email using MS Word or PDF to os3i...@ncd.eop.gov. Please > ensure the email subject header is “Open-Source Software Security RFI > Response” and your organization's name. > > > > *Further submission guidelines and notes can be found in the RFI* (found > here: https://www.regulations.gov/document/ONCD-2023-0002-0001). Please > direct any questions related to this RFI to os3i...@ncd.eop.gov (Nasreen > Djouini – telephone: 202-881-4697). > > > > The full White House and CISA announcements can also be found at the links > below: > > > > - White House Announcement: > > https://www.whitehouse.gov/oncd/briefing-room/2023/08/10/fact-sheet-office-of-the-national-cyber-director-requests-public-comment-on-open-source-software-security-and-memory-safe-programming-languages/ > - CISA Announcement: > > https://www.cisa.gov/news-events/news/we-want-your-input-help-secure-open-source-software > > > > Thank you all in advance for any feedback submitted and for your continued > collaboration with CISA! >
