Cybersecurity continues to be a hot topic. More and more organizations are getting hit by ransomware attacks, critical open software vulnerabilities are making news, and we’re seeing industries and governments coming together to discuss initiatives to improve software security.

The U.S. government has been working with the tech industry and open source organizations such as the Linux Foundation and the Open Source Security Foundation to come up with a number of initiatives in the past couple of years. 

The White House Executive Order on Improving the Nation’s Cybersecurity without a doubt kick-started subsequent initiatives and defined requirements for government agencies to take action on software security and, in particular, open source security. An important White House meeting with tech industry leaders produced active working groups, and only a few weeks later, they issued the Open Source Software Security Mobilization Plan. This plan included 10 streams of work and budget designed to address high-priority security areas in open source software, from training and digital signatures, to code reviews for top open source projects and the issuance of a software bill of materials (SBOM).