
Bipartisan open source security legislation introduced in Senate

Legislation seeking to address open source software risks in government has been introduced by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, according to The Record, a news site run by cybersecurity firm Recorded Future. The Securing Open Source Software Act would direct the Cybersecurity and Infrastructure Security Agency to develop a "risk framework" covering the use of open source code by the federal government and critical infrastructure operators, and to work to reduce open source software risks and address open source vulnerabilities. It would also require the Office of Management and Budget to issue guidance to agencies on the secure use of open source software. Peters and Portman said the bill was prompted by the Log4j vulnerability, which showed how seriously flaws in widely used open source components can threaten federal systems and critical infrastructure entities. "This commonsense, bipartisan legislation will help secure open source software and further fortify our cybersecurity defenses against cybercriminals and foreign adversaries who launch incessant attacks on networks across the nation," said Peters.
