The US Securing Open Source Software Act of 2022 is a step in the right direction
Javier Perez Contributor
Passionate about technology and open source software, Javier Perez is the leading open source evangelist and senior director of product management at Perforce.
Cybersecurity continues to be a hot topic. More organizations are being hit by ransomware attacks, critical open source software vulnerabilities are in the news, and we're seeing industries and governments come together to discuss initiatives to improve software security.< /p>
The US government has worked with the technology industry and open source organizations such as the Linux Foundation and the Open Source Security Foundation to come up with a number of initiatives over the past two years.
The White House Executive Order on Improving the Nation's Cybersecurity undoubtedly launched subsequent initiatives and set requirements for government agencies to take action on software security and, in particular , open-source security. A major White House meeting with tech industry leaders produced active task forces, and only weeks later they released the Open Source Software Security Mobilization Plan. This plan included 10 workflows and budgets designed to address high-priority security areas in open source software, from training and digital signatures, to code reviews for major open source projects and bill of materials release. software (SBOM).< /p>
The act directly addresses the three main areas of interest in improving open source security: vulnerability detection and disclosure, SBOMs, and OSPOs.
A recent government initiative regarding open source security is the Securing Open Source Software Act, a bipartisan bill by US Senators Gary Peters, a Democrat from Michigan, and Rob Portman, a Republican from Ohio. Senators Peters and Portman are chair and ranking member of the Senate Homeland Security and Governmental Affairs Committee, respectively. They were at the Senate Log4j hearings and then introduced this legislation to improve open source security and best practices in government by establishing the duties of the Director of the Cybersecurity and Infrastructure Security Agency (CISA).
This is a turning point in US legislation, as it is, for the first time, specific to the security of open source software. The legislation recognizes the importance of open source software and recognizes that "a secure, healthy, vibrant, and resilient open source software ecosystem is crucial to ensuring the national security and economic vitality of the United States." Finally, it states that the federal government should play a supportive role in ensuring the long-term security of open source software.
Javier Perez Contributor
Passionate about technology and open source software, Javier Perez is the leading open source evangelist and senior director of product management at Perforce.
Cybersecurity continues to be a hot topic. More organizations are being hit by ransomware attacks, critical open source software vulnerabilities are in the news, and we're seeing industries and governments come together to discuss initiatives to improve software security.< /p>
The US government has worked with the technology industry and open source organizations such as the Linux Foundation and the Open Source Security Foundation to come up with a number of initiatives over the past two years.
The White House Executive Order on Improving the Nation's Cybersecurity undoubtedly launched subsequent initiatives and set requirements for government agencies to take action on software security and, in particular , open-source security. A major White House meeting with tech industry leaders produced active task forces, and only weeks later they released the Open Source Software Security Mobilization Plan. This plan included 10 workflows and budgets designed to address high-priority security areas in open source software, from training and digital signatures, to code reviews for major open source projects and bill of materials release. software (SBOM).< /p>
The act directly addresses the three main areas of interest in improving open source security: vulnerability detection and disclosure, SBOMs, and OSPOs.
A recent government initiative regarding open source security is the Securing Open Source Software Act, a bipartisan bill by US Senators Gary Peters, a Democrat from Michigan, and Rob Portman, a Republican from Ohio. Senators Peters and Portman are chair and ranking member of the Senate Homeland Security and Governmental Affairs Committee, respectively. They were at the Senate Log4j hearings and then introduced this legislation to improve open source security and best practices in government by establishing the duties of the Director of the Cybersecurity and Infrastructure Security Agency (CISA).
This is a turning point in US legislation, as it is, for the first time, specific to the security of open source software. The legislation recognizes the importance of open source software and recognizes that "a secure, healthy, vibrant, and resilient open source software ecosystem is crucial to ensuring the national security and economic vitality of the United States." Finally, it states that the federal government should play a supportive role in ensuring the long-term security of open source software.
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
