How to Ensure Open-Source Packages Are Not Landmines
CISA and OpenSSF jointly published new guidance recommending technical controls that make it harder for developers to pull malicious software components into their code.
https://www.darkreading.com/application-security/how-to-ensure-open-source-pckages-are-not-landmines