November 3, 2023
New report helps commercial FreeBSD users comply with US Government secure software development reporting requirements
Boulder, CO and San Jose, CA — November 3, 2023 — The FreeBSD Foundation, the public charity dedicated to advancing the open source FreeBSD operating system and supporting its community, today announced a new service to aid commercial users of FreeBSD with the National Institute of Standards and Technology (NIST) Secure Software Development Framework (SSDF).
SSDF, which comes into partial effect in Q4 2023 and full effect in 2024, is a set of software development practices based on established secure software development documents from organizations such as BSA, OWASP, and SAFECode. SSDF aims to reduce software vulnerabilities in software solutions used by the US Government.
Once in effect, OMB and CISA require that all organizations licensing software to the US government self-attest that their own software and any open source components they use conform with the SSDF.
“The FreeBSD community has been a pioneer in secure, distributed open source software development since its inception. With governments around the world recognizing the ubiquity of open source, the importance of open source to innovate, and the need for security by design and default, the FreeBSD Foundation is proud to provide SSDF Attestation to our commercial partners,” said Ed Maste, Senior Director of Technology with the FreeBSD Foundation.
Given the broad use of FreeBSD to power innumerable solutions used by the US Government, this new Foundation service is designed to make it easy for vendors and cloud providers to attest to the secure development practices of the FreeBSD software they use.
To ensure access to commercial users of all sizes, the FreeBSD SSDF Attestation report is available to all FreeBSD Foundation partners regardless of donation level: Silver, Gold, or Platinum. To learn more, please contact email@example.com
“We at NIST are glad to see the SSDF is proving useful and is being adopted by organizations such as the FreeBSD Foundation as it seeks to support the Executive Order on Improving the Nation’s Cybersecurity (EO 14028) by developing attestation mappings to the secure software development practices for the open source community,” said Murugiah Souppaya, Computer Scientist in the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards and Technology.
“NetApp proudly leverages FreeBSD to deliver high-performance products that consistently meet our customers’ expectations for reliability, security, and supportability, including numerous US military and civilian government agencies,” said Matt Hambrick, Sr. Director of ONTAP Engineering at NetApp. “As we report to our Government clients on NetApp’s secure software development processes and procedures, the FreeBSD SSDF Attestation report is a valuable and welcomed support to these efforts.”
“FreeBSD is a key part of Metify’s tech stack that we use to deliver bare metal server and wireless ISP solutions. FreeBSD’s reliability, security, supportability, and the open and innovative community are key advantages for us,” said Mike Wagner, Metify Co-founder and CEO. “As a startup, the SSDF Attestation report from the FreeBSD Foundation is a welcome help and important enabler to our Federal Government growth strategy.”
About The FreeBSD Foundation
The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting the FreeBSD Project and community. Accepting donations from individuals and businesses, the Foundation uses funds to develop features, employ software engineers, improve build and test infrastructure, advocate for FreeBSD through in-person and online events, and provide training and educational material. Representing the FreeBSD Project in legal affairs, the Foundation stands as the recognized entity for contracts, licenses, and other legal arrangements and is entirely donation supported. Learn more at freebsdfoundation.org.