A pair of influential senators have devised a plan to beef up the federal government’s approach to securing open-source software, or tools that developers create for free public consumption.
Driving the news: Senate Homeland Security Committee leaders Gary Peters (D-Mich.) and Rob Portman (R-Ohio) introduced a bill Thursday requiring CISA to develop a risk framework laying out how the federal government relies on open-source code.
Between the lines: Since last year’s Log4j vulnerability, both the federal government and industry have been scrambling to figure out how to toughen open-source software.
Details: Peters and Portman’s Securing Open Source Software Act would require CISA and other federal offices to tackle the issue in a few ways:
The intrigue: Peters and Portman have been behind some of the most influential pieces of cybersecurity legislation in the last few years, so this bill could stand a good chance of making it through Congress.
Yes, but: Congress faces a truncated legislative schedule as the midterm elections approach, leaving little time for the lawmakers to get their bill passed before a new session begins.