{"id":251611,"date":"2026-05-21T13:05:00","date_gmt":"2026-05-21T17:05:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements\/"},"modified":"2026-05-21T13:35:11","modified_gmt":"2026-05-21T17:35:11","slug":"cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/21\/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements\/","title":{"rendered":"CISA chief frets about open-source vulnerabilities, delayed security improvements"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements\/\">CISA chief frets about open-source vulnerabilities, delayed security improvements<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements\/\">https:\/\/cyberscoop.com\/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-21 13:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some \u201chard decisions\u201d amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday.<\/p>\n<p>\u201cThe open-source community is one that I\u2019m particularly worried about when we start to think about rapid escalation of vulnerability discovery,\u201d acting director Nick Andersen said, referencing a cartoon about how key technologies that underpin the internet are often maintained by a single person.\u00a0<\/p>\n<p>In one recent attack, a hacker hijacked an account of a single open-source 
project maintainer to publish malicious updates for axios, popular with software developers, raising the potential for attacks that could spread more widely. TeamPCP, a suspected North Korean hacking group, has been on a sweeping spree of open-source attacks.<\/p>\n<p>\u201cThere\u2019s tremendous opportunity here to re-architect areas \u2026 to make investments in areas where we know that we\u2019ve been lacking, and to just force some hard security decisions to be made\u2026 where people thought that their risk profile was different than what it is,\u201d Andersen said. \u201cWe see the escalation in terms of speed, scale and velocity of vulnerability discovery to weaponization and exploitation.\u201d<\/p>\n<p>CISA has been working with industry and others \u201cto modify our approach to vulnerability management, modify our approach to coordinated vulnerability disclosure, modify our approach to remediation, with the explicit understanding that we\u2019re just not going to be able to keep up using traditional mechanisms,\u201d Andersen said, speaking at the National Cyber Innovation Forum in Washington, D.C.<\/p>\n<p>The government and private sector can work together to identify the biggest threats and then give them the right level of attention, he said. 
On the federal government side, that means working to get a full picture of the extent of&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA chief frets about open-source vulnerabilities, delayed security improvements https:\/\/cyberscoop.com\/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements\/ Publish Date: 2026-05-21 13:05:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":251612,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/05\/GettyImages-2271116965.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35,32,27],"class_list":["post-251611","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251611"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=251611"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251611\/revisions"}],"predecessor-version":[{"id":251613,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251611\/revisions\/251613"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/251612"}],"wp:attachment":[{"href":"ht
tps:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=251611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=251611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=251611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}