S5E8: Resilient Cyber with Kelly Shortridge and Ryan Petrich

OSS Security & the Federal Government

In this episode of Resilient Cyber, Chris Hughes catches up with Kelly Shortridge and Ryan Petrich to discuss the Office of the National Cyber Director's (ONCD) Request for Information (RFI) on Open Source Software (OSS) Security. Kelly and Ryan share insights from their detailed response to the RFI, exploring key topics such as the role of OSS in the federal ecosystem and the potential impact of government regulation on OSS security and national innovation.

Key Highlights:

  • The potential risks of over-regulating OSS and the impact on national innovation.

  • How government policy could stifle or support the open source community and its contributors.

  • A discussion on memory-safe programming languages, CI/CD practices, and their role in secure software development.

  • Exploring the effectiveness (and pitfalls) of SBOMs in enhancing software supply chain security.

  • Incentivizing federal contractors to support OSS projects and maintain their dependencies.

🎧 Whether you're involved in OSS, federal contracting, or just passionate about cybersecurity policy, this episode provides in-depth analysis and actionable insights into the future of OSS security.