CISA Targeting Open-Source Software Risks, Director Says
The Cybersecurity and Infrastructure Security Agency is addressing security risks posed by open-source software head-on and is looking at private-public partnerships to meet targets.
Speaking at an Atlantic Council event, CISA Director and 2023 Wash100 winner Jen Easterly said public-private partnerships through the Joint Cyber Defense Collaborative would ensure that open ecosystems are secure and that the federal government and critical infrastructure continue to function unimpeded. According to Easterly, one of the key priorities under the JCDC program is to address open-source software security risks.
The JCDC program brings together cybersecurity experts who gather, analyze and share actionable information to support holistic planning and response. In addition to open-source security, the program also covers industrial control systems protection, FCW reported.
Easterly also shared that CISA worked with other agencies and organizations to build software and packages to protect open-source systems. The tools allow users to provide secure software packages while automating cybersecurity updates.
The tools were developed in partnership with the Office of the National Cyber Director, the Office of Management and Budget and the Open Software Security Foundation.
According to Easterly, the aforementioned efforts ensure that threat actors cannot take advantage of existing vulnerabilities and cannot download code from open-source software libraries.