April 18, 2024

BOULDER, Colo., April 18, 2024—The FreeBSD Foundation, a public charity dedicated to supporting the FreeBSD operating system, today announced the release of Version 1 of the FreeBSD Secure Software Development Framework (SSDF) Attestation for its partner organizations that have contributed at the Silver level and above. 

The SSDF is a key resource for entities working with the US Government, facilitating compliance with NIST SP 800-218 Section 4e as recommended by the United States Cybersecurity and Infrastructure Security Agency (CISA) in consultation with the General Services Administration (GSA) and the Office of Management and Budget (OMB). This initiative aligns with the goals of Executive Order 14028, issued by the Biden Administration in May of 2021, and Memorandum M-22-18, issued in September of 2022, aimed at enhancing national cybersecurity.

The SSDF Attestation continues the FreeBSD community’s longstanding commitment to security by providing transparency and trustworthiness in its software development environment. This move aligns with the US federal government’s recent initiative to bolster software security. 

SSDF is a set of software development practices based on established secure software development documents from organizations such as BSA, OWASP, and SAFECode, aiming to reduce software vulnerabilities in US government software solutions. On March 18, CISA announced that the Repository for Software Attestation and Artifacts is now live for software producers who partner with the federal government to upload their Secure Software Development Attestation Forms. 

First announced by the FreeBSD Foundation in November 2023, the FreeBSD SSDF Attestation, which conforms to the CISA SSDF Self-Attestation, includes references and sources that validate the trustworthiness of the FreeBSD development process, offering partners and potential collaborators confidence in the community’s rigorous standards. 

“The FreeBSD community is a leader in creating secure, open-source software that is secure by design and default,” said Ed Maste, Senior Director of Technology at the FreeBSD Foundation. “We are proud to release Version 1 of our SSDF Attestation report to our commercial partners as governments worldwide increasingly recognize open source’s critical role in innovation and security.”

“NetApp proudly leverages FreeBSD to deliver high-performance products that consistently meet our customers’ expectations for reliability, security, and supportability–including numerous US military and civilian government agencies,” said Matt Hambrick, Sr. Director of ONTAP Engineering at NetApp. “As we report to our Government clients on NetApp’s secure software development processes and procedures, the FreeBSD SSDF Attestation report is a valuable and welcomed support to these efforts.”

“Leveraging FreeBSD in our rXg multi-services edge gateway helps us provide an integrated solution that delivers exceptional performance, scalability, and security,” said Dr. Simon Lok, Founder at RG Nets. “The SSDF Attestation from the FreeBSD Foundation aligns with our commitment to deliver secure and reliable networking infrastructure. This attestation enhances our credibility and demonstrates our adherence to rigorous security standards.”

To learn more about the SSDF Attestation and the advantages of partnering with the FreeBSD Foundation, interested parties are encouraged to contact partnerships@freebsdfoundation.org. This initiative is critical in securing the software development landscape and reaffirming FreeBSD’s dedication to creating a safe and reliable computing environment.

About the FreeBSD Foundation

The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting the FreeBSD Project and community. Accepting donations from individuals and businesses, the Foundation uses funds to develop features, employ software engineers, improve build and test infrastructure, advocate for FreeBSD through in-person and online events, and provide training and educational material. Representing the FreeBSD Project in legal affairs, the Foundation stands as the recognized entity for contracts, licenses, and other legal arrangements and is entirely donation supported. Learn more at freebsdfoundation.org.

Contact

FreeBSD Foundation

partnerships@freebsdfoundation.org