Techrights

Open-Source Software Security Initiative (OS3I) Has Nothing to Do With Open Source, It's Just a Front Group for Lobbying Purposes and an Openwashing Agenda in Mind

Posted by Roy Schestowitz on Feb 01, 2024, updated Feb 01, 2024

Shameless self-promotion, but whose exactly? We may be dealing with malicious imposters here*.

THERE is this thing called "Open-Source Software Security Initiative" (or OS3I) and their site leans towards a very corporate/'Establishment' message. Notice the dash in "Open-Source"; that's what the openwashing crowd keeps doing. This seems to link to IST. Here is the corresponding PDF and Linux Foundation affirming the connection in its new, proprietary Web site.

According to this news report from a Microsoft-friendly site, "White House releases report on securing open-source software," yet we aren't seeing any Free software people participating. As one person asked us, "was even a single person from any FOSS community involved in the report?" Or "who is behind the Open-Source Software Security Initiative (OS3I)?"

From what we can gather, there's almost no FOSS element in the Board. There's even CIA in there (Sarah Sewall). The core team shows no familiar faces, to say the least...

Who are those people? What makes them important? Why are they relevant to what they call "Open-Source"? (Yes, with a dash!)

Board behind Open-Source Software Security Initiative

Time will tell what sort of positions they promote, but certainly those aren't FOSS people. They seem like state and corporate puppets throwing the term "open-source" around. It's connected to a group that used to be headed by a Microsoft employee.

Speaking of public policy, see this recent article and page 31 of the PDF in particular ("Federal Software License: Agencies Need to Take Action to Achieve Additional Savings").

As someone told us (regarding the document), "money is wasted on proprietary licensing by the wheelbarrow; it should instead be public money, public code!" (The slogan from the FSF-EEE.)

GAO’s study said, as per FedScoop, that "Microsoft held by far the largest share of vendors organized by the highest amounts paid (31.3%)" and GAO "is making 18 recommendations to nine agencies to consistently track software license usage and compare the inventories with purchased licenses," to quote the PDF from GAO's site. "Eight agencies agreed with the recommendations and one neither agreed nor disagreed."

It's time to stop bailing out Microsoft (at taxpayers' expense) and to not let Microsoft lobby the government on matters like "Open Source"; it must not represent its opposition. Microsoft should play no part in security-centric advisory panels, either. The culprit is not the expert. █

_______

HTTPS: pushers of 'secure' boot pretending to be security experts
HTTPS: working for the NSA's #1 enabler
attempt to silence this site are guilty of all those things