
Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security

The newly minted, and highly anticipated, Cybersecurity Executive Order from President Biden marks the strongest stance ever taken by the Federal government in an attempt to secure our nation’s software supply chains from attack. For the first time in history, any company that sells software to the federal government will be required to provide not just the application but also a software bill of materials (SBOM), which gives transparency into the components that comprise the application.

The timing of the order is not coincidental: it follows the recent SolarWinds and Codecov software supply chain attacks, coincides with a 430% rise in attacks aimed at open source projects, and was issued on the same day that many Americans faced massive shortages of gas at the pump because of the cyber attack on Colonial Pipeline.

What Does the Executive Order on Cybersecurity Say about SBOMs and Secure Development? 

Biden’s Cybersecurity Executive Order calls for the Commerce Department’s National Institute of Standards and Technology (NIST) to publish preliminary guidelines for software supply-chain security within six months, and final guidelines within a year. The guidance should cover how to check for vulnerabilities, how to find evidence of flaws, how to maintain up-to-date provenance for open source and source code, and how to use automated tools to validate trusted code.

What is a Software Bill of Materials? 

An SBOM is a list of ingredients (components) that make up a software application. 

In today’s world, too many organizations don’t have a full picture of what’s inside their software. Most aren’t even looking. The fact is that fewer than 50% of companies today produce SBOMs as a standard practice in software development. At the same time, breaches tied to open source software components used in applications impact 1
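To make the "list of ingredients" concrete, here is an added example (not from the original post or from Sonatype) that reads a minimal CycloneDX SBOM and checks each listed component against an advisory feed. The SBOM, the component names and the advisory ranges are all constructed for illustration; a real check would consume a feed such as OSV or NVD.

```python
import json

# Constructed, minimal CycloneDX 1.4 SBOM; component names and versions are made up.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "acme-json-parser", "version": "1.4.2",
     "purl": "pkg:maven/com.example/acme-json-parser@1.4.2"},
    {"type": "library", "name": "acme-tls-lib", "version": "3.0.1",
     "purl": "pkg:maven/com.example/acme-tls-lib@3.0.1"},
    {"type": "library", "name": "acme-logger", "version": "2.1.0",
     "purl": "pkg:maven/com.example/acme-logger@2.1.0"}
  ]
}"""

# Constructed advisory feed: component, first affected version, first fixed version, id.
# The ids are placeholders, not real CVE or vendor identifiers.
ADVISORIES = [
    {"name": "acme-json-parser", "introduced": "1.0.0", "fixed": "1.4.3", "id": "ADV-CONSTRUCTED-001"},
    {"name": "acme-logger", "introduced": "2.0.0", "fixed": "2.0.5", "id": "ADV-CONSTRUCTED-002"},
]

def parse_version(v):
    """Turn a dotted numeric version such as '1.4.2' into a comparable tuple."""
    return tuple(int(part) for part in v.split("."))

def load_components(sbom_text):
    """Return (name, version) pairs from a CycloneDX JSON document."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return [(c["name"], c["version"]) for c in doc.get("components", [])]

def find_affected(sbom_text, advisories):
    """Report components whose version falls in an advisory range (introduced <= v < fixed)."""
    hits = []
    for name, version in load_components(sbom_text):
        v = parse_version(version)
        for adv in advisories:
            if adv["name"] != name:
                continue
            if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
                hits.append((name, version, adv["id"]))
    return hits

if __name__ == "__main__":
    for name, version, adv_id in find_affected(SBOM_JSON, ADVISORIES):
        print(f"{name} {version} is in the affected range of {adv_id}")
```

Only acme-json-parser is flagged: acme-logger 2.1.0 is past the fixed version, and acme-tls-lib has no advisory at all, which is exactly the kind of answer an organization cannot give without an SBOM.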

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Matt Howard. Read the original post at: https://blog.sonatype.com/biden-executive-order-on-cybersecurity-calls-for-enhanced-software-supply-chain-security


Matt Howard

Matt Howard is CMO and SVP of Sonatype, the inventors of software supply chain automation. He is a proven executive and entrepreneur with over 20 years of experience developing high-growth software companies. Prior to Sonatype, Mr. Howard co-founded, developed and successfully sold two software companies.
