CISA open source framework guidance offers new software strategies

CISA said it intends to share information from a tabletop simulation exercise at the summit.

Open source is on notice.

That’s the word from CISA, which introduced new efforts to secure the software on March 7, after hosting its two-day Open Source Software (OSS) Security Summit.

During the conference, top-level officials like Office of the National Cyber Director (ONCD) Assistant National Cyber Director for Technology Security Anjana Rajan, CISA Open Source Security Section Chief Aeva Black, and CISA Director Jen Easterly met with OSS professionals and stakeholders to discuss how to strengthen open source infrastructure. The summit also included smaller organizations, something that Open Source Initiative US Policy Director Deb Bryant highlighted.

“Including less represented, small open-source nonprofits into the discussion will facilitate workable, practical policies and practices, building upon the strength of the collaborative model of Open Source,” Bryant said.

ONCD’s Rajan emphasized the importance of open source security for federal agencies.

“Ensuring that we have a secure and resilient open source software ecosystem is a national security imperative, a technology innovation enabler, and an embodiment of our democratic values,” Rajan said in a statement.

Stakeholders will take action on open source, CISA said; the Rust Foundation is implementing public key infrastructure for Crates.io, and the Python Software Foundation is adding providers to its Python Package Index to expand its credential-less publishing.

CISA said it will share information from a tabletop simulation exercise that took place at the summit, as well as push for industry-wide adoption of the Principles for Package Repository Security developed by the agency and the Securing Software Repositories Working Group of the Open Source Security Foundation.

As IT Brew has reported, it’s been a busy few months for CISA. The agency worked with the EPA and FBI to deliver a water system security playbook in January, and influenced the president’s February executive order on port cybersecurity.
