Open-source security has been high on the agenda this year, with a number of initiatives, projects, and guidance launched in 2022 to help improve the cyber resiliency of open-source code, software and development. Vendors, tech firms, collectives and governments have contributed to helping raise the open-source security bar amid organizations’ increasing use of and reliance upon open-source resources, along with the complex security risks and challenges that come with it.
“2022 has intensified the necessary focus on the important topics of open-source security, including supply chain security. It has also accelerated efforts to identify what was left to do, and then start doing it. In sum: things are just getting started, but progress has been made,” David A. Wheeler, director of open-source supply chain security at the Linux Foundation, tells CSO.