The Cybersecurity and Infrastructure Security Agency (CISA) published the Open Source Software Security Roadmap that articulates how the agency will enable the secure usage of open source software within the federal government and support a healthy, secure and sustainable global open source software ecosystem.
The roadmap lays out four goals, each with supporting objectives, to be implemented across Fiscal Years 2024 through 2026:
- Goal 1: Establish CISA’s Role in Supporting the Security of Open Source Software
- Goal 2: Drive Visibility into Open Source Software Usage and Risks
- Goal 3: Reduce Risks to the Federal Government
- Goal 4: Harden the Open Source Software Ecosystem
Open source software allows anyone to access, modify, and distribute source code, which can lead to greater collaboration and higher-quality code. By making code more readily available for reuse, open source software can help spur and fast-track innovation. At the same time, open source software can be a target for supply chain attacks, and latent vulnerabilities in it, much as in proprietary software, can have significant consequences. One study found that open source software was present in 96% of studied codebases across various sectors.