X-CGP-ClamAV-Result: CLEAN
X-VirusScanner: Niversoft's CGPClamav Helper v1.25a (ClamAV 1.2.1/27198)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=simple/simple; d=cni.org; s=mail;
	bh=omOJTII+stGfgXFRDev+ZizeeHHO8iEWMLrhf8+/j+U=;
	h=Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:From:Message-ID
	:Date:To:Sender; b=aT1UBs87EoihRWj/TW0ZqeKEsoBGgfh51S94kRv80TqbmBTtWhdNQMOBB4
	nfuTsuBdsff7ASkz16ZJvPXitptJ5HPvzscf5KZMeLjheGnKO5vD1jh91Z7z2aOAgn6a5qymZF5hO
	0cSo3u4enNOCK6dGcJNX2apnhHx0v/YlGJt0=
Return-Path: <cgplmgr@cni.org>
Sender: <cgplmgr@cni.org>
To: CNI-ANNOUNCE
Date: Wed, 28 Feb 2024 00:30:01 -0500
Message-ID: <redirect-41753692@cni.org>
X-Original-Return-Path: <cliff@cni.org>
Received: from [69.248.123.21] (account clifford@cni.org HELO [192.168.50.171])
  by cni.org (CommuniGate Pro SMTP 7.1.4)
  with ESMTPSA id 41753669 for cni-announce@cni.org; Wed, 28 Feb 2024 00:02:00 -0500
X-Original-Date: Wed, 28 Feb 2024 00:02:00 -0500
From: Cliff Lynch <cliff@cni.org>
X-Original-To: cni-announce@cni.org
X-Original-Message-ID: <20240228000200341745.f00e4eed@cni.org>
Subject: Several Recent Government Reports
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: GyazMail version 1.7.1

There are several important reports from various parts of the US Federal Government that I've been meaning to share with the CNI community. Even though they cover some rather diverse areas, I've aggregated them here in the interests of getting this done sooner rather than later or not at all. My thanks to Gary Price for bringing several of these to my attention. Also, I cannot resist reflecting how amazing I find it that government is actually engaging some of these issues; I can't imagine this happening a decade ago, and if nothing else it underscores how central issues related to security and computational infrastructure have become. 

First off, an update on efforts to secure the open-source software ecosystem (includes links to related material)

https://www.whitehouse.gov/wp-content/uploads/2024/01/Securing-the-Open-Source-Software-Ecosystem-OS3I-End-of-Year-Report-MASTERCOPY.pdf

Next, three documents on memory-safe programming languages and technologies, and the need for better metrics for software quality. Very interesting if somewhat technical reading. 

https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/memory-safety-fact-sheet/  (summary document)


https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf   (the report proper)

an earlier and more technical document, probably the most informative of the three

https://www.cisa.gov/sites/default/files/2023-12/The-Case-for-Memory-Safe-Roadmaps-508c.pdf

Finally,  on a very different topic, there's a short open letter from the Copyright Office that gives a really good succinct summary of what they've been doing in there investigations and policy-making around copyright and AI, with emphasis on generative AI. 

https://copyright.gov/laws/hearings/USCO-Letter-on-AI-and-Copyright-Initiative-Update-Feb-23-2024.pdf


Clifford Lynch
Director, CNI