Members of the US Senate Homeland Security Committee have introduced a bill that aims to enhance open-source software security. The Securing Open Source Software Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) to develop a framework for assessing open source software risk. It would also direct the Office of Management and Budget to publish guidance to help agencies secure open source software.
https://www.fedscoop.com/open-source-risk-framework-bill/
"Enhance open-source software security" and "publish guidance to help agencies secure open source software" are not the same thing.
To accomplish the former, file vulnerability reports, submit patches, sponsor bug bounties, etc. The latter is just ordinary vulnerability management, for which CISA already has a directive. For those of us in private industry: stay up to date on patching and keep tabs on the software's reputation.