noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

Baker & Hostetler LLP

SEC Director of Enforcement Warns of a ‘Perfect Storm’ Developing Around AI
United States District Court for[...]

Opinion: Doc No. 27 - Case: Civil Case No. 23-2392Williamson v. United[...]
Pramila Jayapal

Jayapal Statement on H.Res.1143 Vote

Technology

U.S. Senate Committee on Homeland Security and Governmental Affairs

09/22/2022 | Press release | Distributed by Public on 09/22/2022 08:44

Peters and Portman Introduce Bipartisan Legislation to Help Secure Open Source Software

Bill Would Help Prevent Exploitation of Vulnerabilities Like One Found In Log4j That Could Compromise Critical Systems

Thursday, September 22, 2022

WASHINGTON, DC - U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, introduced bipartisan legislation to help protect federal and critical infrastructure systems by strengthening the security of open source software. The legislation comes after a hearing convened by Peters and Portman on the Log4j incident earlier this year, and would direct the Cybersecurity and Infrastructure Security Agency (CISA) to help ensure that open source software is used safely and securely by the federal government, critical infrastructure, and others. A vulnerability discovered in Log4j - which is widely used open source code - affected millions of computers worldwide, including critical infrastructure and federal systems. This led top cybersecurity experts to call it one of the most severe and widespread cybersecurity vulnerabilities ever seen.

"Open source software is the bedrock of the digital world and the Log4j vulnerability demonstrated just how much we rely on it. This incident presented a serious threat to federal systems and critical infrastructure companies - including banks, hospitals, and utilities - that Americans rely on each and every day for essential services," said Senator Peters. "This commonsense, bipartisan legislation will help secure open source software and further fortify our cybersecurity defenses against cybercriminals and foreign adversaries who launch incessant attacks on networks across the nation."

"As we saw with the log4shell vulnerability, the computers, phones, and websites we all use every day contain open source software that is vulnerable to cyberattack," said Senator Portman. "The bipartisan Securing Open Source Software Act will ensure that the U.S. government anticipates and mitigates security vulnerabilities in open source software to protect Americans' most sensitive data."

"This important legislationwill,for the first time ever, codify open source software as public infrastructure," said Trey Herr, Director, Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, the Atlantic Council. "If signed into law, it would serve as a historic stepfor wider federal support for the health and security of open source software.I am encouraged by the leadership of Senators Peters and Portman on this issue."

The overwhelming majority of computers in the world rely on open source code - freely available code that anyone can contribute to, develop, and use to create websites, applications, and more. It is maintained by a community of individuals and organizations. The federal government, one of the largest users of open source software in the world, must be able to manage its own risk and also help support the security of open source software in the private sector and the rest of the public sector.

The Securing Open Source Software Act would direct CISA to develop a risk framework to evaluate how open source code is used by the federal government. CISA would also evaluate how the same framework could be voluntarily used by critical infrastructure owners and operators. This will identify ways to mitigate risks in systems that use open source software. The legislation also requires CISA to hire professionals with experience developing open source softwareto ensure that government and the community work hand-in-hand and are prepared to address incidents like the Log4j vulnerability. Additionally, the legislation requires the Office of Management and Budget (OMB) to issue guidance to federal agencies on the secure usage of open source software and establishes a software security subcommittee on the CISA Cybersecurity Advisory Committee.

Peters and Portman have led several efforts to strengthen our nation's cybersecurity. Their historic, bipartisan provision to require critical infrastructure owners and operators to report to CISA if they experience a substantial cyber-attack or if they make a ransomware payment was signed into law. The senators' legislation to bolster cybersecurity for state and local governments has also been signed into law. Peters and Portman's bills to protect federal networks, and ensure government can safely adopt cloud technology have also unanimously passed the Senate.

###

Sharing and Personal Tools

Please select the service you want to use: