CISA Open Source Software Security Roadmap

It seems a little odd for a cyber security agency to only post:<p>1. vague text<p>2. a contact email address<p>3. a PDF<p>You&#x27;d expect this from an email scam, not a .gov site with a valid SSL cert.