Trusted Code Initiative (update 2017) - Trusted Code Initiative
- Last Updated: Friday, 12 May 2017 18:32
Trusted Code Initiative
The Trusted Code Initiative addresses these barriers from the perspective of both government adopters and the commercial suppliers who service the Federal Government marketplace. The objective of the Trusted Code Initiative is to create a collaborative, self-sustaining marketplace for “Trusted” open source software technologies and practices used within government technology environments.
Vision: Leverage the technical, administrative and economic benefits of open source software for government enterprise systems
The Trusted Code Initiative is a collaborative vision shared by public and private-sector stakeholders that seeks to leverage the technical, administrative and economic benefits and best practices of open source software technologies to enhance the aggregate quality, security and access of all software resources available for use within Government enterprise systems.
Objective: Define market value and provide secure access to “Trusted Code” resources
The objective of the Trusted Code Initiative is to define a voluntary standard for “Trusted” software components and practices based on existing government policy requirements; create a process for designating Trusted resources and practices; and facilitate the creation of a sustainable market environment that promotes adoption of the Trusted standard by government technology consumers and commercial vendors and service providers.
The Initiative defines “Trusted” as any software component, development method or practice that is accredited by a government-sanctioned validation process; deployed and affirmed within a government technology system; or designated as “Trusted” by a Government-sanctioned entity.
Approach: Establish an independent, self-sustaining “Trusted Code” marketplace
The Trusted Code Foundation (TrustedCodeFoundation.org) will serve as an independent, collaborative venue for public and private-sector stakeholders who share common technical, administrative and economic interests in advancing the quality, security and access of Trusted resources used within government and public-sector systems.
The Foundation will identify common challenges and opportunities where Trusted resources will provide value to Federal, state and local government systems, as well as to the vendor and support communities that service the public-sector technology marketplace.
The intent of the Trusted Code Foundation is to become a self-sustaining entity by deriving operational revenue from services associated with Trusted Code programs, from developing unique product and service offerings, and from participating member fees and contributions from non-member, public and private-sector entities.
The goal of the Trusted Code Initiative is to increase the collective quality, security, access and subsequent value of software resources and practices used within US Government and public-sector systems. To accomplish this goal, the Trusted Code Initiative will establish a series of complementary activities that establish a “fair market” for Trusted Code resources, code development and analysis processes, products and services.
These activities (tasks) include:
1. Trusted Code Foundation
Establish an independent, vendor- and agency-agnostic non-profit 501(c)(3) Trusted Code Foundation to oversee governance and management of the Trusted Code Initiative program;
2. Resource & Standards Council
Establish Trusted standards and practices that define and provide guidance for development, analysis and maintenance of Trusted Code resources;
3. Documentation, Training and Education
Administer the development and distribution of technical, administrative, support and training documentation materials for Trusted Code assets to encourage adoption and enhance workforce quality;
4. Support Services & Program Management
Provide access to technical and administrative support services for Trusted Code resources provided directly to government agencies in coordination with commercial suppliers and open source community subject matter experts;
5. Collaborative Development Laboratory
Serve as a platform-agnostic collaboration laboratory for government and commercial vendors to develop or combine Trusted Code resources within a secured environment so the resulting product or “Trusted Stack” retains the integrity of the individual components and the Trusted Code designation;
6. Analysis & Vulnerability Monitoring
Create a Trusted Code Analysis and Scoring process to accurately measure the administrative, vulnerability and policy compliance status of Trusted Code assets;
7. Information & Software Assurance Management
Coordinate the selection, management and joint funding of government-sanctioned information and software assurance accreditation programs for commodity Trusted software applications; and
8. Secure Hosting and Distribution Network
Establish a “secured” hosting and distribution network to ensure the integrity of Trusted Code resources.