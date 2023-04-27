FedScoop has pointed out that industry vendors have until June 26 to comment on the Cybersecurity and Infrastructure Security Agency's (CISA) draft attestation form for government software providers. The draft Secure Software Self-Attestation Common Form was published Thursday and the window for feedback is 60 days so comments will be accepted through June 26, 2023.

This stems from Executive Order 14028 and the Office of Management and Budget's (OMB) M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. The CISA has requested that interested parties (that's you FOSS projects) review the Secure Software Development Attestation Common Form, and submit feedback.

Redmond and its minions are already on this. Will the FSF, OSI, EFF, SFLC, SFC, and the others step up and be heard?