Overview
Explore the collaborative effort between CISA and the OpenSSF Securing Software Repositories Working Group in developing "Principles for Package Repository Security" in this informative conference talk. Discover the four-level security maturity model designed to help package repositories assess their current security capabilities and plan future improvements. Learn how this voluntary framework aligns with CISA's Open Source Software Security Roadmap and the White House's National Cybersecurity Strategy. Gain insights into the model's content, its development process, and its potential impact on bolstering open source software security within government and the broader ecosystem. Engage with the speakers to understand how to effectively collaborate with CISA and open source package repositories to enhance overall security practices.
Syllabus
Public Sector + OpenSSF: Principles for Package Repository Security - Jack Cable & Zach Steindler
Taught by
Linux Foundation