Trusted Code Initiative (update 2017) - Executive Summary
- Last Updated: Friday, 12 May 2017 18:32
Increase Value, Efficiency and Accessibility of Government OSS
The vision of the Trusted Code Initiative is to increase the collective quality, security, access and subsequent value of open source software resources used within US government and public-sector systems.
Define an Acceptable Balance of Agility and Assurance
The objective is to define an acceptable, measurable balance between the agility and flexibility made available through the open source approach and the acquisition, certification and validation, and operational regulations and policies that govern the use of software technologies within Federal Enterprise Systems.
Collaboration, Compliance, Continuity
The approach is to organize and facilitate administrative processes that enable open source software resources to more efficiently address and comply with Federal acquisition, information assurance and distribution requirements, policies and practices.
The Initiative defines “Trusted” as any software component, development method or practice that is accredited by a government-sanctioned validation process; deployed and affirmed within a government technology system; or designated as “Trusted” by a Government-sanctioned entity.
Trusted Code, Trusted Support, Trusted Community
The goal of the Trusted Code Initiative is to increase the collective quality, security, access and subsequent value of software resources and practices used within US Government and public-sector systems.
The ultimate goal is for the concept of Trusted Code to become a productive, contributing factor in the collective efforts to raise the quality of software used within Federal Government systems.
Metrics for success to include:
(a) Establish an independent, vendor- and agency-agnostic non-profit 501(c)(3) Trusted Code Foundation to oversee governance and management of the Trusted Code Initiative program;
(b) Establish Trusted standards for software development, analysis and maintenance practices;
(c) Create a Trusted Code Analysis and Scoring process to accurately measure the administrative, vulnerability and policy compliance status of Trusted Code assets;
(d) Coordinate the selection, management and joint funding of government-sanctioned information and software assurance accreditation programs for commodity Trusted software applications;
(e) Develop and distribute technical, training and support documentation materials for Trusted Code assets to enhance workforce quality; and
(f) Establish a “secured” hosting and distribution network to ensure the integrity of Trusted Code resources.