Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA’s Open Source Software Security Roadmap, which states the goal of “working collaboratively [with relevant working groups] to develop security principles for package managers.”
CISA highly encourages package managers and open source community members to review the Principles for Package Repository Security as well as the related OpenSSF blog post, offer feedback, and develop roadmaps for security improvements in their ecosystems. For more information on CISA’s efforts to help secure open source software, see CISA.gov/opensource.
Systems Affected This vulnerability affects the following Microsoft Windows operating systems by default: Microsoft Windows…
CISA, in partnership with Federal Bureau of Investigation, the National Security Agency, Department of Energy,…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international…
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of ongoing intrusions by People’s Republic…
This website uses cookies.