Recently, CISA held an Open Source Software (OSS) Security Summit at which OSS leaders from industry and federal agencies gathered and announced a plan of action to bolster the security of the open source ecosystem. The summit recognized the essential services and functions that OSS underpins, and attendees set out to advance the security of the ecosystem that supports them.

During the summit, OSS leaders explored ways to strengthen the security of open source infrastructure. The outcome was a set of key actions announced by CISA:

  • Package repositories will work closely with CISA to adopt the Principles for Package Repository Security, developed by CISA and the Securing Software Repositories Working Group of the Open Source Security Foundation (OpenSSF). These guidelines define security maturity levels that package repositories can work toward.
  • An endeavor launched by CISA will open the door for cyber defense collaboration and information sharing among OSS infrastructure operators. The goal is to increase the defenses of the OSS supply chain.
  • Materials from a tabletop exercise performed by members of the summit will be published and made available to the open source community, allowing operators to bolster security and resiliency.