Bipartisan legislation fostering open-source software security has been approved by the Senate Homeland Security Committee just a week following its introduction by committee head Gary Peters, D-Mich., and ranking member Rob Portman, R-Ohio, reports The Record
, a news site by cybersecurity firm Recorded Future.
Proposed as a result of the emergence of the widespread Log4j vulnerability last year, the Securing Open Source Software Act
would mandate the Cybersecurity and Infrastructure Security Agency to establish a risk framework on the federal government's open-source code use within the next 12 months and enlist experts who would work to ensure open-source code security, as well as require the Office of Management and Budget to release federal open-source security guidance.
Despite receiving panel approval, the few remaining legislative days could mean that the full Senate may need to add the bill to the annual defense policy legislation or other measures.
Meanwhile, the committee has also passed a bill that would compel the creation of a free cybersecurity training program for critical infrastructure cyber personnel under CISA.