A demand for real consequences: Sonatype’s response to CISA’s Secure by Design
In the fast-changing fields of cybersecurity and software development, creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) finalized a response to the latest Secure by Design RFC from the Cybersecurity and Infrastructure Security Agency (CISA) ...
White House National Cybersecurity Strategy: Landmark Action for a Critical Threat
The last decade has seen increased reliance on software across every part of our lives. In parallel, we’ve seen a massive increase in attacks on this digital infrastructure, causing harm to financial markets, hospitals, and ultimately human lives. While there has been an increasing understanding within the software industry of ...
Innovation at the Expense of Cybersecurity? No More!
Earlier this month, Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security signaled a major shift in the federal government’s approach to cybersecurity risk and responsibility. In their Foreign Affairs article Stop Passing the Buck on Cybersecurity, Easterly and Goldstein ...
A Clear Path Forward Toward More Secure and Maintainable Open Source Software
It’s rare to see a community truly come together for the common good, but that’s exactly what happened yesterday within our open source community. We cherished the opportunity to participate in a conversation, led by the Open Source Security Foundation (OpenSSF), where industry, open source foundations, and government all came ...