Advertisement
Subscribe to our daily newsletter.
Subscribe

Senators reintroduce bipartisan bill to push for open source software security within federal gov

The bill was previously proposed in response to the Log4j vulnerability that affected millions of IT systems around the world.

By

WASHINGTON, DC - DECEMBER 07: Sen. Gary Peters (D-MI) speaks at a press conference alongside U.S. Senate Majority Leader Chuck Schumer (D-NY) about the Senate Democrats expanded majority for the next 118th Congress at the U.S. Capitol Building. (Photo by Anna Moneymaker/Getty Images)

Senators on Thursday reintroduced bipartisan legislation to help protect the federal government and critical infrastructure systems by ensuring open source software used by them is safe and secure after a major open source software vulnerability was discovered last year. 

Senators Gary Peters, D-MI., Chairman of the Homeland Security and Governmental Affairs Committee, and Josh Hawley, R-MO., reintroduced the Securing Open Source Software Act last week which would direct the Cybersecurity and Infrastructure Security Agency (CISA) to develop a risk framework to evaluate how open source code is used by the federal government. 

Peters first proposed the bill in September last year after holding a Senate hearing in response to the discovery of a severe, widespread Log4j vulnerability in open source code affecting federal systems and millions of others worldwide.

“The Log4j incident demonstrated that we must work to secure open source software against persistent and evolving cybersecurity threats,” Senator Peters said in a statement. “This bipartisan bill will help ensure this widely used software is secure against foreign adversaries and cybercriminals seeking to disrupt our national and economic security.”

Advertisement

The Securing Open Source Software Act would have CISA hire open source software experts to help address cyber incidents, require the Office of Management and Budget to issue guidance for agencies on securing open source software, and establish a software security subcommittee of the CISA Cybersecurity Advisory Committee.

CISA would also evaluate how the same framework could be voluntarily used by critical infrastructure owners and operators. This will identify ways to mitigate risks in systems that use open source software. 

“At a time when our adversaries, particularly the Chinese Communist Party, continue to attack and exploit our federal agencies’ software vulnerabilities, it is imperative that Congress work to bolster our national cybersecurity,” Senator Hawley said in a statement. “The Securing Open Source Software Act is a great step toward better understanding the risk associated with software deficiencies, and better defending the U.S. government and its critical infrastructure from cyberattacks by our enemies.”

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

WASHINGTON, DC – SEPTEMBER 21: Sen. Rob Portman (R-OH) speaks to Sen. Gary Peters (D-MI) at a hearing to discuss security threats 20 years after the 9/11 terrorist attacks at the U.S. Capitol on September 21, 2021 in Washington, DC. (Photo by Greg Nash – Pool/Getty Images)

Senators introduce bipartisan bill to improve federal agencies’ customer service

The Improving Government Services Act pushes federal agencies to develop plans to implement private-sector customer experience best practices into public programs.
By Nihal Krishan

Latest Podcasts

Senators reintroduce bipartisan bill to push for open source software security within federal gov

CISA is building an automated ransomware warning program

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

Tech

Defense

Cyber

Acquisition