CISA Open Source Software Security Roadmap

CISA’s Open Source Software Security Roadmap lays out CISA’s path forward to help ensure a secure open source software ecosystem. 

Open source software is software that anyone can access, modify, and distribute, which can lead to greater collaboration and higher-quality code. At the same time, vulnerabilities like Log4Shell have illustrated the downstream impact of flaws in widely used open source code.

The roadmap lays out four key priorities to help secure the open source software ecosystem: (1) establishing CISA’s role in supporting the security of open source software, (2) driving visibility into open source software usage and risks, (3) reducing risks to the federal government, and (4) hardening the open source ecosystem. 

Feedback on CISA’s open source efforts is welcome and can be sent to