CISA Publishes Plan to Enhance Open Source Security
A leading US security agency has released a long-awaited plan detailing how it will enhance open source security for both federal government and across the entire ecosystem.
The US Cybersecurity and Infrastructure Security Agency (CISA) Open Source Software Security Roadmap was published yesterday at the Secure Open Source Summit.
Tackling cyber-risk in open source software is a key priority for the Biden administration, given that 96% of codebases contain open source code, according to one estimate.
CISA warned of two key risks: the “cascading” impact of vulnerabilities in widely used open source components such as Log4j, and supply chain attacks on open source repositories, in which attackers compromise developer accounts or slip backdoored code into packages.
To help mitigate these risks, CISA’s roadmap sets out four goals covering fiscal years 2024-26:
- Establish CISA’s role in supporting more secure open source software
- Enhance visibility into open source usage and risks
- Reduce risks to the federal government
- Harden the open source software ecosystem
The last of these goals will include efforts to improve developer education, deliver best-practice security guidance, foster greater vulnerability disclosure and response, and encourage greater standardization and adoption of software bills of materials (SBOMs) across supply chains.
“Open source software has fostered tremendous innovation and economic gain, including serving as the foundation for technologies used across our federal government and every critical sector,” said Eric Goldstein, CISA executive assistant director for cybersecurity.
“In part due to this prevalence, we know that vulnerable or malicious open source software can introduce systemic risks to our economy and essential functions. CISA is proud to serve as a partner to the open source community as we collectively take urgent steps to support open source security and ensure that all partners in this critical ecosystem invest in a secure, resilient, and innovative open source future.”