No doubt by now you've heard about the Obama Administration's newly announced Cybersecurity National Action Plan (CNAP). You can read more about it on CIO.com here and here.\n\n\nBut what you may not know is that the White House is actively working with the Linux and open source community for CNAP. In a blog post Jim Zemlin, the executive director of the Linux Foundation said, \u201cIn the proposal, the White House announced collaboration with The Linux Foundation\u2019s Core Infrastructure Initiative (CII) to better secure Internet 'utilities' such as open-source software, protocols and standards.\u201d\n\n\nTo learn more about the collaboration between the White House and The Linux Foundation I reached out to Zemlin. Here is an edited version of the email interview.\n\n\nCII is still in the early phase of conceptualization. Has any major progress been made after LinuxCon?\n\n\nCII has made tons of progress. We will be launching our BadgeApp in the coming months, but we are developing the criteria with an open source process at https:\/\/github.com\/linuxfoundation\/cii-best-practices-badge. We also continue to work on the census at https:\/\/github.com\/linuxfoundation\/cii-census and with our grant recipients. For example, CII recently funded a collaboration of SSH vendors to accelerate the deprecation of the obsolete v1 of their protocol. We also sponsored a reproducible builds summit to improve the deployment of replicatable build services in open source infrastructure.\n\n\nI attended the CII announcement at LinuxCon and saw involvement by different players from the market \u2014 from Microsoft to Bloomberg. What is the organizational structure of CII? \n\n\nEmily Ratliff is our senior director of infrastructure security at Linux Foundation and is dedicated to the work of the Core Infrastructure Initiative. She works with the steering group comprised of backers of the project as well as key open source developers and other industry stakeholders. (the board of secuirty experts on the home page is pretty amazing:https:\/\/www.coreinfrastructure.org\/) We will be announcing a new CTO shortly who will oversee CII and other security initiatives at Linux Foundation.\n\n\nWhat are the core\/key components of \u201cCyber Security,\u201d as identified by the administration, that are open source?\n\n\nWhether the federal applications are closed source or open source (for example, Oracle vs. MySQL), many of the technologies used to secure them are open source. Most two-factor authentication systems, many firewalls, VPNs, intrusion detection and other systems are either partially or entirely open source. For example, Heartbleed was so serious because OpenSSL is deployed on nearly all network hardware, as well as most operating systems and programming languages.\n\n\nThe Linux Foundation has been supporting many critical projects can you tell us about some of them?\n\n\nOne of the critical security components on the Internet is time. The ability to have reliable time servers is essential for secure communications and encryption and NTP is the standard used worldwide. While NTP is essential for securing every Internet server, router and smartphone, the maintainer of the widely-deployed ntpd open source project everyone uses was earning less than $25,000 per year for his efforts. The OpenSSL project, which enables the ubiquitous lock in the location bar of web browsers by encrypting data, has in the past received about $2,000 per year in donations. The author of OpenSSH, an open source project universally used by administrators to securely connect to their servers, has been working part time jobs. CII is providing funding to these and other developers to invest the appropriate time into projects that have global security impact. CII has also begun to transition from just \u201cfighting fires\u201d to authoring \u201cbuilding codes\u201d that will help secure communications systematically.\n\n\nEvery time governments come closer to technology there are fears of backdoors. How do you ensure that there won\u2019t be any government sneaking of code?\n\n\nAll the work that CII sponsors results in open source code, where any and all potential users can review the output of this work.\n\n\nQ: How exactly is The Linux Foundation involved with this and how will the U.S. government assist the foundation?\n\n\nThe Core Infrastructure Initiative is a collaborative project of the Linux Foundation, just like Node.js or Hyperledger. We bring together industry, community, and now government participants to collaborate to improve open source security.\n\n\nThe Linux Foundation is in ongoing discussions with the White House about how best to work together. We are encouraged by its inclusion of CII in its Cybersecurity National Action Plan. We would like to significantly expand this effort by incorporating major companies from industries beyond technology. All companies depend on open source software to function, as it represents the infrastructure of the Internet and of nearly all modern software development.