"Open source software (OSS) is the backbone and driver of digitization across sectors worldwide. This makes OSS a cornerstone of every society and economy, including the core of national security concerns. Therefore, governments have a vested interest in OSS security. At the same time, governments, as large users of OSS, bear some of the responsibility for supporting the OSS ecosystem. To assume responsibility, governments must understand the existing OSS communities and the culture surrounding OSS. Governments will be able to effectively foster OSS security only if they work with the ecosystem stakeholders. Doing so requires governments to adhere to guidelines such as respect, cooperation, collaboration and sincerity. In addition, governments must identify their own role(s) in consultation with the OSS ecosystem. Governments can serve as internal coordinators, role models, supporters and regulators. The role of internal coordinator requires governments to be more transparent and systematic in their own use of OSS. In particular, they should take stock of what is being used, where exactly the components are being used and how they are used. As role models, governments engage with OSS, adhering to best practices in the ecosystem and encouraging other governments and stakeholders to do so. As supporters, governments actively engage with the OSS ecosystem, mobilizing and channeling resources into it through various means. Governments use their regulatory powers to create a legal framework that reflects the characteristics of the OSS ecosystem. They can mix and match from different roles and shift between them as they gain more experience, trust and credibility in the OSS ecosystem." (Executive summary)