Read-Me.Org

View Original

CISA Open Source Software Security Roadmap

United States. Cybersecurity & Infrastructure Security Agency

From the document: "The federal government, critical infrastructure, and state, local, tribal, and territorial (SLTT) governments greatly depend upon open source software (OSS). OSS is software for which the human-readable source code is made available to the public for use, study, re-use, modification, enhancement, and re-distribution. OSS is part of the foundation of software used across critical infrastructure, supporting every single critical infrastructure sector [hyperlink] and every National Critical Function [hyperlink]: one study found that 96% of studied codebases across various sectors contain open source code, and 76% of code in studied codebases was open source. Therefore, to fulfill CISA's [Cybersecurity and Infrastructure Security Agency's] mission of understanding, managing, and reducing risks to the federal government and critical infrastructure, we must understand and protect the open source software that we rely upon. [...] CISA recognizes the immense benefits of open source software, which enables software developers to work at an accelerated pace and fosters significant innovation and collaboration. With these benefits in mind, this roadmap lays out how CISA will help enable the secure usage and development of OSS, both within and outside the federal government."

Washington. D.C United States. Cybersecurity & Infrastructure Security Agency . 2023. 8p.