The CISA is developing a new framework to assess the trustworthiness of open-source software projects. The agency’s open-source software security roadmap aims to increase visibility into OSS use and risks across the federal government.