This is a very compelling article:
The context first:
Although the $1.5 trillion infrastructure bill recently passed by the House of Representatives includes $100 billion for increasing access to broadband in underserved communities, that only solves the problem of today—it does not lay the groundwork to solve the problems of tomorrow. Our work through the Core Infrastructure Initiative, a joint project between Harvard’s Laboratory for Innovation Science and the Linux Foundation, has shown there are significant vulnerabilities in the core infrastructure of the digital economy that, unaddressed, could lead to significant problems down the road. These vulnerabilities include: a heavy reliance on FOSS components that are outdated or not regularly maintained, a lack of both transparency and consistent naming conventions, making it difficult for companies to update their software properly, and a lack of project governance safeguards, which could allow malicious actors to insert backdoors into FOSS projects.
That’s an enormous amount and requires a significant overhaul of the national assets. I don’t foresee the entire money going towards the open source because the lobbies and paybacks are more interesting than the common sense for the greater common good. Politics is not always about the “public service” but private enrichment (and this cuts across the cultural issues).
Here’s another quote from the article:
To understand the magnitude of the vulnerabilities contained in widely deployed open-source code, consider the Heartbleed bug in OpenSSL, which affected nearly 20% of secure websites on the internet. In 2012 a bug was mistakenly introduced into the project’s underlying code. Heartbleed went undiscovered for two years, partly because the project was being maintained by only one full-time engineer and a few part-time volunteers. The Core Infrastructure Initiative was launched in response to Heartbleed, and major technology companies like Google, IBM, Intel, and Microsoft donated millions to better support OpenSSL and other critical FOSS projects. Firms that normally compete against each other realized that FOSS is so critical to the digital economy that they need to work together to help secure it.
While the institution hopes that it might pull some attention to itself, policy planners have to understand what the fuss about the open source is!