Cybersecurity

New mailing list aims to share hacking attempts on open-source projects

The Siren email list allows members to share active exploitations of open-source projects, fueled by recent attempts to sabotage free-to-use software tooling

Artificial Intelligence

Feds beware: New studies demonstrate key AI shortcomings

Recent studies have started to show that there are serious downsides when it comes to such programs’ ability to produce secure code.

Cybersecurity

Hackers tried to breach, disable widely used open-source Java tools, groups warn

The alert comes just after a possible nation state entity attempted to hijack an open-source Linux tool last month.

Cybersecurity

Linux backdoor was a long con, possibly with nation-state support, experts say

If the XZ Utils vulnerability hadn’t been caught in time, hackers would have had a “skeleton key to the world,” one analyst told Nextgov/FCW.

Artificial Intelligence

NTIA explores the benefits and risks of open-weight AI models

A new request for information issued by the National Telecommunications and Information Administration will inform regulatory policy on open-weight models.

Ideas

Taking open source risks seriously

COMMENTARY | Software bills of materials don't address what tech leaders should actually do to make sure open source components are safe to use.

Cybersecurity

CISA collaborative weighs in on open source software security

The public-private Joint Cyber Defense Collaborative called on the open source software community to further invest in the development of secure software, tools and technologies.

Defense

Army hopes big-data techniques can help secure its clouds

“Multifactor authentication will not be enough,” said the Army’s senior cyber leader.

Cybersecurity

White House looks to shore up open source software security

The Office of the National Cyber Director wants software providers to "contribute back to the security of the open source software they depend upon."

Defense

How the US is using open-source intel to track Russia's war in Ukraine

Analysts are moving beyond who-what-when-where to "really focusing on the why,” a senior defense intelligence official said.

Cybersecurity

House Panel Advances Bills to Boost CISA’s Oversight of Open Source Software, Cyber Training

The two measures, which passed the committee with bipartisan support, would give CISA authority across DHS and the federal government.

Digital Government

NSF Will Invest Up to $28M for STEM Open-Source Ecosystems

The agency is looking for proposals for two phases to translate open-source products into open-source ecosystems.

Modernization

Governments View Open Source as Critical for Enhancing Digital Services, Experts Say

The U.S. government is “still in the process of organizing and coordinating” its own strategy around the use of open source software, according to a CISA official.

Cybersecurity

Senate Legislation to Secure Open Source Software Relies on Transparency Initiative

Success would depend to a significant degree on whether agencies require vendors of information and communications technology to provide a software bill of materials with their products and services.

Modernization

Bipartisan Senate Bill Aims to Safeguard Open Source Software

The Securing Open Source Software Act would task the Office of Management and Budget with issuing guidance around the secure usage of open source software and give new oversight responsibilities to the Cybersecurity and Infrastructure Security Agency.

Ideas

All software is guilty until proven innocent

COMMENTARY | Agencies must embrace "shifting left," an approach that takes securing software in mind at the beginning of the development lifecycle.

Cybersecurity

Key Convener Releases Plan for Securing Open Source Software with White House

A crucial entity within the open source ecosystem is urging prioritization of libraries that support widespread applications like internet routing, among other things.

Cybersecurity

Why the USAF's IT chief is 'bullish' on open source

While there's no such thing as completely secure software, open source can make it stronger through the "power of the crowd," said Lauren Knausenberger, the Air Force's chief information officer.