Hard News Hard Hitting News Source Global Political News

CISA’s new roadmap aims to fortify open source software security

The nation’s cyber defense agency wants to play a key role in hardening the broader open source software security ecosystem.

The Cybersecurity and Infrastructure Security Agency published a new roadmap Tuesday that it will use to help fortify a growing open source ecosystem while supporting security efforts and reducing risks to the federal government.

CISA’s Open Source Software Security roadmap is part of a broader federal effort to secure open source software leveraged by critical infrastructure sectors and expand visibility into open source software usage across government agencies. 

The roadmap sets out four key priorities: establishing CISA’s role in providing security support to the open source software community, increasing visibility into the usage of open source software, reducing risks to the federal government and improving the overall cyber posture of the open source ecosystem.

The Office of the National Cyber Director issued a request for information in August seeking public input on ways the federal government can help secure the open source software community, a decentralized and fragmented ecosystem that has been historically difficult to regulate. 

Camille Stewart Gloster, ONCD’s deputy national cyber director for technology and ecosystem security, said in a blog post at the time that her agency and CISA “envision an ecosystem in which creating secure open source code and regularly assessing the security of existing open source code is the norm rather than an added burden.”

CISA outlined plans to partner with open source software communities and establish “a real-time collaboration channel” with key members, including open source foundations, code hosting services and package managers to provide critical input on open source security measures. 

The agency also plans to expand engagement and collaboration with international partners, according to the roadmap, while developing a framework to help organizations conduct risk prioritizations for open source software components. CISA will then use that framework to conduct its own risk assessments of open source software dependencies across the federal government and in certain critical infrastructure sectors.

The roadmap says that CISA will develop open source program office guidance for federal agencies, including best practices and additional guidance for agencies and entities that plan to pilot or launch open source program offices. 

The agency will continue fostering security education for open source developers, advancing software bills of materials within open source software supply chains and publishing guidance on open source software security best practices, the roadmap said.

Source: https://www.nextgov.com/cybersecurity/2023/09/cisas-new-roadmap-aims-fortify-open-source-software-security/390206/
