Hello, my name is Cynthia and I am a Supply Chain Risk Management Analyst at NASA. NASA is currently conducting a supply chain assessment of Bandit. As stated in Sections 208 and 514 of the Consolidated Appropriations Act, 2022, Public Law 117-103, enacted March 15, 2022, a required step of our process is to verify the Country of Origin (CoO) information for the product (i.e., the country where the products were developed, manufactured, and assembled.) As Bandit is open source, we understand that this inquiry is not directly applicable, as contributions may be made from individuals from around the world. In this case, NASA is interested in confirming the following information:
1. Is there an organization which sponsors/publishes the project, or a primary developer who audits the code for potential vulnerabilities, errors, or malicious code? Y/N 2. Does Bandit have an overseeing organization or individual along these lines? Y/N
1. If so, please provide the name of the organization and country they are established in. If the information above is unknown or cannot be provided, we request that you provide the country or list of countries where the majority of contributions originate from to satisfy Sections 208 and 514 of the Consolidated Appropriations Act, 2022, Public Law 117-103, enacted March 15, 2022.
Thank you, Cynthia