Categories: US-Cert-Repository

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA’s Open Source Software Security Roadmap, which states the goal of “working collaboratively [with relevant working groups] to develop security principles for package managers.”

CISA highly encourages package managers and open source community members to review the Principles for Package Repository Security as well as the related OpenSSF blog post, offer feedback, and develop roadmaps for security improvements in their ecosystems. For more information on CISA’s efforts to help secure open source software, see CISA.gov/opensource.

Source link

admin

Next CISA Adds One Known Exploited Vulnerability to Catalog »

Previous « CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance

This website uses cookies.

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Recent Posts

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Four Known Exploited Vulnerabilities to Catalog