Scott Andersen

Office of Mission and Capability Support

U.S. Department of Homeland Security Science & Technology Directorate


The Open-Source Software Maze: Understanding the Cybersecurity Risks

Tuesday, May 21st

Open-source software (OSS) is code that is freely available for use, and it is very commonly used in developing both software for information technology and firmware for operational technology. Current estimates indicate that 98% of codebases contain OSS, with OSS constituting 76% of code in use. OSS is adopted for its ease of use, but it comes with cybersecurity implications: the source code is equally open to everyone, which makes it opportune to exploit.

The U.S. Department of Homeland Security’s Science and Technology Directorate and Cybersecurity and Infrastructure Security Agency have an effort that seeks to empower organizations with greater visibility into the OSS within their networks and infrastructure, to better risk-inform future network and infrastructure assurance.