CISA and OpenSSF Release Framework for Package Repository Security
CISA and OpenSSF Release Framework for Package Repository Security
12 February 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories.
Called the Principles for Package Repository Security, the framework aims to establish a set of foundational rules for package