The United States cyber defense agency is creating a new framework to answer a critical question in cybersecurity: How can the trustworthiness of open-source security projects be accurately measured and transparently communicated?

The Cybersecurity and Infrastructure Security Agency is in the second phase of its open-source software security road map, according to a Monday blog post. The road map aims to enhance visibility into OSS use and risks across the federal government.