FreeBSD Foundation introduces SSDF Attestation for secure software development
The FreeBSD Foundation, a public charity devoted to forwarding the open-source FreeBSD operating system and its community, has announced the availability of SSDF Attestation. This function simplifies the process for vendors and cloud providers to demonstrate the secure development methods of their FreeBSD software.
The Secure Software Development Framework (SSDF) from the National Institutes of Standards and Technology (NIST) is a set of programming practices to reduce software vulnerabilities in programs utilised by the US Government. This legislation will come partially into effect in late 2023, with full enforcement anticipated to begin in 2024.
The introduction of the SSDF will see the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) requiring all organisations licensing software to the US government to testify that both their proprietary software and any open source elements observe the SSDF standards.
Ed Maste, the Senior Director of Technology with the FreeBSD Foundation, underlined the pioneer status of the FreeBSD community in secure, distributed, open-source software development since its inception. "With governments globally recognising open source's ubiquity and its crucial role in innovation, plus the necessity for security by default and design, the FreeBSD Foundation is proud to present the SSDF Attestation to our commercial allies."
As FreeBSD technology is extensively employed to empower countless US government applications, this novel service is specifically designed to streamline the process for vendors and cloud providers to attest to the secure development methods of their FreeBSD software.
NetApp, a commercial FreeBSD user, welcomes this latest offering. Senior Director of ONTAP Engineering at NetApp, Matt Hambrick, revealed FreeBSD bolsters NetApp's delivery of products that reliably meet customer expectations for security, supportability, and performance. "As part of our reporting process to our US Government clients on our secure software development systems and procedures, the FreeBSD SSDF Attestation report has become a valuable and much appreciated tool."
FreeBSD also plays an integral role in Metify's tech stack, delivering bare metal server and wireless ISP solutions. Mike Wagner, the Co-Founder and CEO of Metify, praised FreeBSD's security, supportability, reliability, and the creative open community as substantial benefits for Metify. "As a startup, the SSDF Attestation report from the FreeBSD Foundation is a significant help and crucial driver for our Federal Government growth strategy," he stated.
Furthermore, the new report is accessible to all commercial user partners of the FreeBSD Foundation, irrespective of their contribution level: Silver, Gold, or Platinum.
In addition, Murugiah Souppaya, a Computer Scientist in the Computer Security Division of the Information Technology Laboratory at NIST, expressed satisfaction upon seeing the SSDF's effective adoption by organisations such as the FreeBSD Foundation. He added that it aligns with the Executive Order on Improving the Nation's Cybersecurity (EO 14028) and the Foundation's efforts to develop attestation mappings for secure software development procedures within the open-source community.