Open Source Software Security

Open source software is widely used across the federal government and every critical infrastructure sector. As America’s Cyber Defense Agency, CISA works to understand and reduce cyber threats to the federal government and critical infrastructure. Ensuring secure open source software is a critical part of this effort.

CISA’s Open Source Software Security Roadmap establishes CISA’s role in helping to secure open source software by aligning it with CISA’s mission to identify and reduce risks to the federal government and critical infrastructure. In turn, CISA’s efforts will contribute to the improved security of the broader open source ecosystem.

CISA has several ongoing initiatives around open source security, including our community-driven work around software bill of materials (SBOM). We also actively contribute by open sourcing much of our code via our “open-by-default” software development policy.

We Want Your Input to Help Secure Open Source Software

If you are a member of the open source software community or work to secure open source software, we want your input on where the government should focus areas for prioritization to secure open source software.

learn more

Related Resources

Software Bill of Materials (SBOM)

A SBOM is a nested inventory, a list of ingredients that make up software components. CISA will advance the SBOM work by facilitating community engagement, development, and progress.

Contact Us

Do you have feedback on our OSS security work, or ideas where we can help contribute? Please share your thoughts by emailing us at: OpenSource@cisa.dhs.gov.

Open Source Software Security

Featured Content

CISA Open Source Software Security Roadmap

CISA GitHub

Blog: Memory Safe and Secure Coding

Blog: Open Source Software Must Start with Secure Code

We Want Your Input to Help Secure Open Source Software

Related Resources

Software Bill of Materials (SBOM)

Contact Us