Bipartisan legislation to strengthen open-source software security was approved by the Senate Homeland Security Committee only a week after it was introduced by committee chair Gary Peters, D-Mich., and ranking member Rob Portman, R-Ohio, reports The Record, the news site of cybersecurity firm Recorded Future.
Drafted in response to last year's widespread Log4j vulnerability, the Securing Open Source Software Act would direct the Cybersecurity and Infrastructure Security Agency to establish, within 12 months, a risk framework for the federal government's use of open-source code and to hire experts to help secure open-source code. It would also require the Office of Management and Budget to issue open-source security guidance for federal agencies.
Despite committee approval, few legislative days remain in the session, so the full Senate may need to attach the bill to the annual defense policy legislation or another must-pass measure to get it enacted.
Meanwhile, the committee has also passed a bill that would compel the creation of a free cybersecurity training program for critical infrastructure cyber personnel under CISA.
Data on 4,961 current and former Okta employees, including names, health insurance plan numbers, and Social Security numbers, was exposed in a breach at Okta's third-party vendor Rightway Healthcare, reports The Register.