Recently, the United States passed a bipartisan legislation that once again included open source software security as a key consideration, called the “Protect Open Source Software Act” (Securing Open Source Software Act)the goal is to protect critical infrastructure.

U.S. Senator Gary Peters (D-MI) and Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee Rob Portman (R-OH) Bipartisan legislation has been proposed to help protect federal and critical infrastructure by enhancing open-source software security.

“Open source software is the cornerstone of the digital world, and the Log4j vulnerability is a testament to how reliant we are on it,” said Gary Peters. “This incident poses a serious threat to federal systems and critical infrastructure companies, including banks, hospitals and utilities. threats because Americans rely on these companies every day for essential services. This common-sense, bipartisan legislation will help protect open source software and further strengthen our cybersecurity against cybercrime and foreign adversaries who continue to attack the nation’s networks defense.”

Rob Portman also said: “As we saw with the Log4shell vulnerability, the computers, mobile phones and websites we use every day contain open source software that is vulnerable to cyberattacks, and the bipartisan Protect Open Source Software Act will ensure the U.S. government anticipates and mitigates exposure to open source software. security breaches to protect Americans’ most sensitive data.“

It is said that this important legislation will be the first time in the history of the United States that open source software will be included in the public infrastructure.

The Protecting Open Source Software Act will direct CISA (Cybersecurity and Infrastructure Security Agency) to develop a risk framework to assess how open source code is used by the federal government.

CISA will also assess how critical infrastructure owners and operators can voluntarily use the same framework. This will identify ways to reduce risk in systems using open source software. The legislation also requires CISA to hire professionals with experience developing open source software to ensure governments and communities work together and are prepared for events such as the Log4j vulnerability. Additionally, the legislation requires the Office of Management and Budget (OMB) to issue guidance to federal agencies on the secure use of open source software and to create a software security subcommittee under the CISA Cybersecurity Advisory Committee.

Further reading