Several U.S. government agencies have collaborated to produce new cybersecurity guidance for the use of open-source software (OSS) in operational technology (OT). The document aims to promote understanding of OSS and its implementation in industrial control systems (ICS) and other OT environments, offering best practices for secure use. It details recommendations for supporting OSS development, patching vulnerabilities, and using the Cross-Sector Cybersecurity Performance Goals (CPGs) to adopt security best practices. The guidance suggests implementing ‘secure-by-design’ and ‘secure-by-default’ approaches to reduce risks in OT.

Read more: https://www.securityweek.com/us-government-releases-open-source-security-guidance-for-ot-ics/