Linux and Open-Source Communities Rise to Biden's Cybersecurity Challenge

by Fnord666, from SoylentNews (#5HXRC)

upstart writes in with an IRC submission for Runaway1956:

Linux and open-source communities rise to Biden's cybersecurity challenge:

Anyone who thought computer security problems were some abstract trouble that had little to do with their daily life was rudely awakened recently. The Colonial Pipeline ransomware attack saw gas and oil deliveries shut down throughout the southeast. Cybersecurity failures had already become a major problem with the SolarWinds software supply chain attack and the FBI having to step in to fix broken Microsoft Exchange servers. So, on May 12th President Joe Biden signed an executive order to boost the federal government cyber defense and to warn all of America that technology security must be job one now. The Linux Foundation and its related organizations are stepping up to better Linux and open-source security.

The executive order recognized the vital importance of open-source software. It reads in part: "Within 90 days of publication of the preliminary guidelines ... shall issue guidance identifying practices that enhance the security of the software supply chain." Open-source software is specifically named.

The government must ensure "to the extent practicable, to the integrity and provenance of open-source software used within any portion of a product." Specifically, it must try to provide a Software Bill of Materials (SBOM). "This is a formal record containing the details and supply chain relationships of various components used in building software." It's an especially important issue with open-source software because:

Software developers and vendors often create products by assembling existing open source and commercial software components. The SBOM enumerates these components in a product.
