Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
jrochkind1
3y ago
0 comments
Save
Share
Right, but it's focused on helping the government decide what open source not to use, rather than on actually making open source more secure.
0 comments
1 comments · 1 top-level
top
newest
oldest
kube-system
3y ago
The risk framework isn’t written yet, this just directs CISA to write one. While evaluating dependencies is often a part of what you’d do in a risk framework, it’s typically just one part.
j
/
k
navigate · click thread line to collapse
