Explore the collaborative effort between CISA and the OpenSSF Securing Software Repositories Working Group in developing "Principles for Package Repository Security" in this informative conference talk. Discover the four-level security maturity model designed to help package repositories assess their current security capabilities and plan future improvements. Learn how this voluntary framework aligns with CISA's Open Source Software Security Roadmap and the White House's National Cybersecurity Strategy. Gain insights into the model's content, its development process, and its potential impact on bolstering open source software security within government and the broader ecosystem. Engage with the speakers to understand how to effectively collaborate with CISA and open source package repositories to enhance overall security practices.
Overview
Syllabus
Public Sector + OpenSSF: Principles for Package Repository Security - Jack Cable & Zach Steindler
Taught by
Linux Foundation
Tags
Related Courses
-
Improving Package Repository Security - From White Papers to Practice
-
Building and Using the OpenSSF Security Toolbelt - 6 Months In
-
Security Is an Ecosystem - We Can't Be Secure in Isolation
-
What Role Do Package Registries Have in Securing the Supply Chain?
-
Open Source Software Security Mobilization Plan - Press Briefing
-
Summing Up the OpenSSF Summit - May 2022 Gathering and Action Plan
