CISA Publishes Plan to Enhance Open Source Security
A leading US security agency has released a long-awaited plan detailing how it will enhance open source security, both for the federal government and across the wider open source ecosystem.
The US Cybersecurity and Infrastructure Security Agency (CISA) Open Source Software Security Roadmap was published yesterday at the Secure Open Source Software Summit.
Tackling cyber-risk in open source software is a key priority for the Biden administration, given that 96% of codebases contain open source code, according to one estimate.
CISA warned of two key risks: the “cascading” impact of vulnerabilities in widely used open source components such as Log4j, and supply chain attacks on open source repositories, in which attackers compromise developer or maintainer accounts and/or slip backdoored code into packages.
To help mitigate these risks, CISA’s roadmap sets four goals for fiscal years 2024-26:
- Establish CISA’s role in supporting more secure open source software
- Enhance visibility into open source usage and risks
- Reduce risks to the federal government
- Harden the open source software ecosystem
The last of these goals will include efforts to improve developer security education, deliver best-practice security guidance, foster better vulnerability disclosure and response, and encourage greater standardization and adoption of the software bill of materials (SBOM) across supply chains.
“Open source software has fostered tremendous innovation and economic gain, including serving as the foundation for technologies used across our federal government and every critical sector,” said Eric Goldstein, CISA executive assistant director for cybersecurity.
“In part due to this prevalence, we know that vulnerable or malicious open source software can introduce systemic risks to our economy and essential functions. CISA is proud to serve as a partner to the open source community as we collectively take urgent steps to support open source security and ensure that all partners in this critical ecosystem invest in a secure, resilient, and innovative open source future.”