
CISA’s open source software security initiatives detailed

Jen Easterly speaks during her June 10, 2021, Senate confirmation hearing to head Homeland Security’s Cybersecurity and Infrastructure Security Agency in Washington. (Kevin Dietsch/Getty Images)

SecurityWeek reports that the Cybersecurity and Infrastructure Security Agency plans to strengthen open source software security through the Principles for Package Repository Security.

The new framework, introduced after an OSS security summit with open source community leaders, not only establishes package repository security maturity levels but also advances information sharing and partnership among operators of open source software, according to CISA. Also announced during the summit were the Rust Foundation's new threat model for the Crates.io package repository, the Python Software Foundation's expanded credential-less publishing effort, and improved security measures from Packagist and Composer. "Open source software is foundational to the critical infrastructure Americans rely on every day. As the national coordinator for critical infrastructure security and resilience, we’re proud to announce these efforts to help secure the open source ecosystem in close partnership with the open source community, and are excited for the work to come," said CISA Director Jen Easterly.
