topic Senate Bill Addresses Open Source Software Protection in Industry News https://community.isc2.org/t5/Industry-News/Senate-Bill-Addresses-Open-Source-Software-Protection/m-p/53769#M5955 <P><SPAN>Members of the US Senate Homeland Security Committee have introduced a bill that aims to enhance open-source software security. The Securing Open Source Software Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) to develop a framework for assessing open source software risk. It would also direct the Office of Management and Budget to publish guidance to help agencies secure open source software.</SPAN></P><P>&nbsp;</P><P><SPAN><A href="https://www.fedscoop.com/open-source-risk-framework-bill/" target="_blank">https://www.fedscoop.com/open-source-risk-framework-bill/</A></SPAN></P><P>&nbsp;</P> Tue, 27 Sep 2022 18:30:23 GMT dcontesti 2022-09-27T18:30:23Z Senate Bill Addresses Open Source Software Protection https://community.isc2.org/t5/Industry-News/Senate-Bill-Addresses-Open-Source-Software-Protection/m-p/53769#M5955 <P><SPAN>Members of the US Senate Homeland Security Committee have introduced a bill that aims to enhance open-source software security. The Securing Open Source Software Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) to develop a framework for assessing open source software risk. It would also direct the Office of Management and Budget to publish guidance to help agencies secure open source software.</SPAN></P><P>&nbsp;</P><P><SPAN><A href="https://www.fedscoop.com/open-source-risk-framework-bill/" target="_blank">https://www.fedscoop.com/open-source-risk-framework-bill/</A></SPAN></P><P>&nbsp;</P> Tue, 27 Sep 2022 18:30:23 GMT https://community.isc2.org/t5/Industry-News/Senate-Bill-Addresses-Open-Source-Software-Protection/m-p/53769#M5955 dcontesti 2022-09-27T18:30:23Z Re: Senate Bill Addresses Open Source Software Protection https://community.isc2.org/t5/Industry-News/Senate-Bill-Addresses-Open-Source-Software-Protection/m-p/53778#M5959 <P>"<SPAN>Enhance open-source software security" and&nbsp;</SPAN>"<SPAN>publish guidance to help agencies secure open source software</SPAN>" are not the same thing.</P><P>&nbsp;</P><P><SPAN>To accomplish the former file vulnerability&nbsp;reports, submit patches, sponsor bug-bounties, etc.&nbsp; The latter is just ordinary vulnerability management, for which a CISA already has <A href="https://www.cisa.gov/binding-operational-directive-22-01" target="_blank" rel="noopener">a directive</A>.&nbsp; For those of us in private industry,&nbsp;</SPAN><SPAN>stay up to date on patching and keep tabs on the software's reputation.</SPAN></P> Tue, 27 Sep 2022 19:47:26 GMT https://community.isc2.org/t5/Industry-News/Senate-Bill-Addresses-Open-Source-Software-Protection/m-p/53778#M5959 denbesten 2022-09-27T19:47:26Z