
Securing software repositories leads to better OSS security
2024-03-04 11:53

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day.

The security capabilities of public software package repositories play a crucial role in securing the open-source software supply chain: controls such as account protection and publishing authorization are enforced at the registry, not by the individual maintainer.

The Open Source Security Foundation (OpenSSF) previously published the Open Source Software Security Mobilization Plan to help spur systematic efforts towards better OSS security.

Most recently, the Foundation has partnered with the Cybersecurity and Infrastructure Security Agency to create a framework outlining steps for raising the security maturity level of package repositories.

Developed by OpenSSF's Securing Software Repositories Working Group, the Principles for Package Repository Security define four levels of security maturity, numbered 0 to 3, against which a repository can assess its authentication, authorization, general capabilities and CLI tooling.

"Through our general framework we hope that package repositories can kickstart or further mature their security improvement roadmap," they said, but acknowledged that "Capabilities must be balanced with resource constraints of package repositories, many of which are operated by nonprofit organizations."


News URL

https://www.helpnetsecurity.com/2024/03/04/securing-software-repositories/