The Cybersecurity and Infrastructure Security Agency developed a roadmap of its goals to ensure open source software security within the federal government from 2024 to 2026.
The Open Source Software Security Roadmap, which was opened for public comment in August, has four main goals, including minimizing the risks of open source software use by government agencies, CISA said Tuesday.
The strategy also aims to lay the foundation of CISA’s role in open source protection and defense, and to maintain continued visibility into the usage and risks of such software. The agency intends to enforce the roadmap to bolster the ecosystem for platforms with publicly available source code.
“Open source software has fostered tremendous innovation and economic gain, including serving as the foundation for technologies used across our federal government and every critical sector,” said Eric Goldstein, CISA’s executive assistant director for cybersecurity. “In part due to this prevalence, we know that vulnerable or malicious open source software can introduce systemic risks to our economy and essential functions. CISA is proud to serve as a partner to the open source community as we collectively take urgent steps to support open source security and ensure that all partners in this critical ecosystem invest in a secure, resilient, and innovative open source future.”