How to Ensure Open Source Packages Are Not Landmines

CISA and OpenSSF jointly published new guidance recommending technical controls to make it harder for developers to bring malicious software components into code.