CISA Hosts Summit to Tackle Open-Source Software Security

The Cybersecurity and Infrastructure Security Agency recently hosted the Open Source Software Security Summit, bringing together the open-source community to ensure a secure ecosystem.

At the two-day event, CISA announced that it will be leading several initiatives, including promoting the adoption of the Principles for Package Repository Security and launching an effort to enable voluntary collaboration and cyber defense information sharing.

The summit provided OSS community leaders, open source foundations and civil society with opportunities to explore ways to strengthen the open source infrastructure, CISA said.

Deb Bryant, U.S. policy director at the Open Source Initiative, said the agency’s move to engage with less-represented, small open-source nonprofits fosters a more collaborative approach to securing OSS.

The open-source software use in the government has been growing in recent years. In 2021, the U.S. Air Force turned to open-source software to upgrade weapons used on U-2 spy planes.

In 2023, CISA Senior Adviser Allan Friedman disclosed the government’s plan to create an OSS strategy to guide agencies in maximizing the benefits offered by the technology.