Security News > 2023 > September > CISA Aims For More Robust Open Source Software Security for Government and Critical Infrastructure
CISA also plans to create a guide to best practices in open source security for government entities and critical infrastructure organizations, according to the roadmap.
CISA notes that open source software can lead to great innovation; however, CISA said, vulnerabilities like the widespread Log4shell vulnerability in 2021 mean open source software can introduce insidious flaws in widely-used code.
This is a bill introduced in Congress in September 2022; it highlights the importance of the open source community to the tech industry and calls for CISA to work more directly with the open source community in matters of national security.
The open source security roadmap is one of many documents currently circulating in the U.S. federal realm related to aligning the open source community with high-stakes security needs.
Representatives from CISA attended the Secure Open Source Software Summit 2023 to discuss open source security standards with other government agencies and members of the industry on September 13.
"While government agencies have made progress in addressing open source security, it is evident that further action is needed to enhance the protection of critical infrastructure and corporate assets," said Mike Walters, vice president of vulnerability and threat research and co-founder of patch management software company Action1, in an email to TechRepublic.
News URL
https://www.techrepublic.com/article/cisa-open-source-security-roadmap/
Related news
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- CISA investigates critical infrastructure breach after Sisense hack (source)
- CISA says Sisense hack impacts critical infrastructure orgs (source)
- DHS establishes AI Safety and Security Board to protect critical infrastructure (source)
- U.S. Government Releases New AI Security Guidelines for Critical Infrastructure (source)
- BSAM: Open-source methodology for Bluetooth security assessment (source)
- MobSF: Open-source security research platform for mobile apps (source)
- Public anxiety mounts over critical infrastructure resilience to cyber attacks (source)
- Lynis: Open-source security auditing tool (source)
- FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert (source)