H.R. 3286 would authorize the Cybersecurity and Infrastructure Security Agency (CISA) to improve the security of open-source software, or computer code that is publicly available for anyone to use or modify. The bill would require the agency to identify and mitigate vulnerabilities in open-source software used by federal agencies. Under the bill, CISA would conduct annual assessments of the security of commonly used open-source software.