
A new service has been announced by the FreeBSD Foundation, a public charity devoted to promoting the open-source FreeBSD operating system and its community. The new service is aimed at assisting commercial users of FreeBSD with the NIST Secure Software Development Framework (SSDF).
SSDF is a collection of software development standards based on known secure software development papers from organizations like BSA, OWASP, and SAFECode. It goes into partial effect in Q4 2023 and fully into effect in 2024. The goal of SSDF is to lessen software vulnerabilities in U.S. government software systems.
Once the SSDF goes into force, OMB and CISA require all firms licensing software to the U.S. government to self-certify that both their proprietary software and any open source components they use comply with it.
Since its founding, the FreeBSD community has led the way in the creation of secured, distributed open source software. According to Ed Maste, Senior Director of Technology at the FreeBSD Foundation, "The FreeBSD Foundation is proud to provide SSDF Attestation to our commercial partners, as governments around the world recognize the ubiquity of open source, the importance of open source to innovate, and the need for security by design and default."
Given the vast array of FreeBSD-powered solutions that the U.S. Government uses, this new Foundation service is meant to make it easier for vendors and cloud providers to attest to the secure development practices behind the FreeBSD software they employ.
All FreeBSD Foundation partners, regardless of contribution level (Platinum, Gold, or Silver), have access to the FreeBSD SSDF Attestation report, so that it is available to business customers of all sizes.
Murugiah Souppaya, a computer scientist in the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards and Technology, said, "We at NIST are glad to see the SSDF is proving useful and is being adopted by organizations such as the FreeBSD Foundation as it seeks to support the Executive Order on Improving the Nation's Cybersecurity (EO 14028) by developing attestation mappings to the secure software development practices for the open source community."
Matt Hambrick, Senior Director of ONTAP Engineering at NetApp, said, "NetApp proudly leverages FreeBSD to deliver high-performance products that consistently meet our customers' expectations for reliability, security, and supportability - including numerous U.S. military and civilian government agencies. NetApp's secure software development processes and procedures are being reported to our government clients; the FreeBSD SSDF Attestation report is a valuable and welcome support to these efforts."
"A vital component of Metify's technology stack, which enables us to provide wireless ISP solutions and bare metal servers, is FreeBSD. For us, FreeBSD's dependability, security, supportability, and the vibrant, open community are major benefits," said Mike Wagner, CEO and co-founder of Metify. "As a startup, the SSDF Attestation report from FreeBSD Foundation is a welcome help and important enabler to our Federal Government growth strategy."