Securing Open Source Software Act of 2023
This bill sets forth the duties of the Cybersecurity and Infrastructure Security Agency (CISA) regarding open source software security.
Open source software means software for which the human-readable source code is made available to the public for use, study, reuse, modification, enhancement, and redistribution.
Specifically, CISA must
CISA must (1) publish a framework, incorporating government, private sector, and open source software community frameworks and best practices, for assessing the risk of open source software components; (2) update the framework at least annually; and (3) ensure, to the greatest extent practicable, that the framework is usable by the open source software community.
The bill requires CISA to assess open source software components deployed on high value assets at federal agencies based on the framework and provides for a pilot assessment of critical infrastructure.
CISA's Cybersecurity Advisory Committee may establish a software security subcommittee.
Securing Open Source Software Act of 2023
This bill sets forth the duties of the Cybersecurity and Infrastructure Security Agency (CISA) regarding open source software security.
Open source software means software for which the human-readable source code is made available to the public for use, study, reuse, modification, enhancement, and redistribution.
Specifically, CISA must
CISA must (1) publish a framework, incorporating government, private sector, and open source software community frameworks and best practices, for assessing the risk of open source software components; (2) update the framework at least annually; and (3) ensure, to the greatest extent practicable, that the framework is usable by the open source software community.
The bill requires CISA to assess open source software components deployed on high value assets at federal agencies based on the framework and provides for a pilot assessment of critical infrastructure.
CISA's Cybersecurity Advisory Committee may establish a software security subcommittee.
Securing Open Source Software Act of 2023
This bill sets forth the duties of the Cybersecurity and Infrastructure Security Agency (CISA) regarding open source software security.
Open source software means s...
Specifically, CISA must
CISA must (1) publish a framework, incorporating government, private sector, and open source software community frameworks and best practices, for assessing the risk of open source software components; (2) update the framework at least annually; and (3) ensure, to the greatest extent practicable, that the framework is usable by the open source software community.
The bill requires CISA to assess open source software components deployed on high value assets at federal agencies based on the framework and provides for a pilot assessment of critical infrastructure.
CISA's Cybersecurity Advisory Committee may establish a software security subcommittee.