Explore the collaborative effort between CISA and the OpenSSF Securing Software Repositories Working Group in developing "Principles for Package Repository Security" in this informative conference talk. Discover the four-level security maturity model designed to help package repositories assess their current security capabilities and plan future improvements. Learn how this voluntary framework aligns with CISA's Open Source Software Security Roadmap and the White House's National Cybersecurity Strategy. Gain insights into the model's content, its development process, and its potential impact on bolstering open source software security within government and the broader ecosystem. Engage with the speakers to understand how to effectively collaborate with CISA and open source package repositories to enhance overall security practices.
Overview
Syllabus
Public Sector + OpenSSF: Principles for Package Repository Security - Jack Cable & Zach Steindler
Taught by
Linux Foundation
Tags
Related Courses
-
Driving Security at Scale: Principles for Package Repository Security - Lecture
-
The U.S. Government's Approach to Open Source Security
-
Improving Package Repository Security - From White Papers to Practice
-
What is the OpenSSF? - An Introduction to the Open Source Security Foundation
-
Proactive Supply Chain Security with GUAC
-
What is OpenSSF? - Securing Open Source Software Supply Chains
