Scott Andersen

Open-source software (OSS) is code which is freely available for use and is very commonly used for development of both software for information technology plus firmware for operational technology. Current estimates place 98% of codebases containing OSS with OSS constituting 76% of code in use. OSS is a matter of ease of use, but comes with cybersecurity implications since the source code is equally open source which makes it opportune to exploit.

The U.S. Department of Homeland Security’s Science and Technology Directorate and Cybersecurity and Infrastructure Security Agency have an effort where they seek to empower organizations with greater visibility into the OSS amongst their networks/infrastructure to better risk-inform future network/infrastructure assurance.