Session: The U.S. Government’s Approach to Open Source Security

While the Log4Shell vulnerability was a wake-up call to many in government, it illustrated what many in the open source community had known for years: that the security of core open source dependencies is of critical importance for the security of our global infrastructure. In this talk, hear from U.S. Cybersecurity and Infrastructure Security Agency (CISA) Senior Technical Advisor Jack Cable on how the U.S. government is working to help secure the open source ecosystem by showing up as an open source community infrastructure. Jack will highlight CISA’s actions stemming from CISA’s Open Source Software Security Roadmap along four lines of effort: establishing relationships with the open source community, including through a summit CISA held with the open source community in March; understanding the prevalence of open source software; securing the Federal government’s use of open source software (including through OSPOs); and bolstering the security of the broader open source ecosystem through CISA’s work with package repositories.

This session will be recorded.

Presenters: