Will Open Source Security Be On The Federal Agenda In 2015?

Brian Heaton | Government Technology | January 8, 2015

A bill introduced late last year could be a precursor of things to come, as lawmakers wade into more cybersecurity issues.

Open source code security has been in the spotlight since the Heartbleed bug was exploited against the Canada Revenue Agency website last year. Found in OpenSSL, one of the Web’s most widely used cryptographic libraries, Heartbleed sent public-sector IT personnel scrambling to test their agencies’ websites to make sure they were patched and protected.

But now elected officials are wading into the issue. Federal lawmakers have drafted legislation to help ensure Uncle Sam is buying clean software.

Reps. Ed Royce, R-Calif., and Lynn Jenkins, R-Kan., introduced H.R. 5793, the Cyber Supply Chain Management and Transparency Act of 2014, on Dec. 4. The bill requires vendors to provide procuring agencies with a list of all open source and third-party components embedded in their software and to demonstrate that those components have no known cybersecurity issues. In addition, the measure directs the Office of Management and Budget (OMB) to draft guidelines for agencies to follow in the event security risks in the software are found...