Back in February, Revenera posted a blog titled “2021 Will Be the Year of the Automated Software Bill of Materials”. That prediction was brought much closer to reality by an executive order signed by President Biden.
The order (Executive Order 14028, “Improving the Nation’s Cybersecurity”, signed May 12, 2021) includes new security requirements for vendors selling software to the U.S. government. The specific requirements in the order include:
- Providing a purchaser a Software Bill of Materials (SBOM) for each product either directly or by other means such as a website
- Employing automated tools or processes to maintain trusted source code supply chains and ensuring code integrity
- Using automated tools and processes to check for known and potential vulnerabilities and remediate them, regularly and at minimum before each release
- Participating in a vulnerability disclosure program that includes a reporting and disclosure process
- Maintaining accurate and up-to-date data and controls on internal and third-party software components, tools, and services present in the software development process
- Performing audits and enforcement of these controls on a recurring basis
Software from vendors that do not meet these standards will no longer be eligible for purchase by the federal government.
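To make the first and third requirements concrete, here is an added example (not code from the Revenera post, the executive order, or any vendor) of what an SBOM looks like and how an automated known-vulnerability check consumes it. The field names follow the CycloneDX 1.4 JSON schema; the product, its components, their versions and the vulnerability feed are constructed sample data with placeholder identifiers, not real advisories. The version-constraint syntax (`>=1.0.0,<1.4.2`) is an assumption for the example, not a standard feed format.

```python
"""Minimal CycloneDX-style SBOM plus an automated known-vulnerability check.

Added example: field layout follows CycloneDX 1.4 JSON, but every component,
version and advisory below is constructed for illustration.
"""
import json
import re
from typing import Dict, Iterable, List, Tuple

# Constructed SBOM for a hypothetical product. purls follow the Package URL
# scheme (pkg:type/name@version); the packages themselves are invented.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {
        "timestamp": "2021-06-01T00:00:00Z",
        "component": {"type": "application", "name": "acme-portal", "version": "2.3.0"},
    },
    "components": [
        {"type": "library", "name": "jsonfast", "version": "1.4.1",
         "supplier": {"name": "Example Org"}, "purl": "pkg:pypi/jsonfast@1.4.1"},
        {"type": "library", "name": "widgetlib", "version": "3.0.2",
         "supplier": {"name": "Example Org"}, "purl": "pkg:pypi/widgetlib@3.0.2"},
        # No supplier: incomplete per the NTIA minimum elements, flagged below.
        {"type": "library", "name": "tlsshim", "version": "0.9.0",
         "purl": "pkg:pypi/tlsshim@0.9.0"},
    ],
})

# Constructed vulnerability feed keyed by version-less purl. IDs are
# placeholders; "affected" uses an assumed comma-separated constraint syntax.
VULN_FEED = [
    {"id": "EXAMPLE-2021-0001", "package": "pkg:pypi/jsonfast", "affected": ">=1.0.0,<1.4.2"},
    {"id": "EXAMPLE-2021-0002", "package": "pkg:pypi/widgetlib", "affected": "<3.0.0"},
    {"id": "EXAMPLE-2021-0003", "package": "pkg:pypi/tlsshim", "affected": "<=0.9.0"},
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.4.1' into a comparable tuple of ints (digits only; pre-release
    tags such as 'rc2' are not interpreted)."""
    parts = [int(m.group()) for m in re.finditer(r"\d+", text)]
    while len(parts) < 3:          # pad so 1.4 compares equal to 1.4.0
        parts.append(0)
    return tuple(parts)


_OPS = {
    "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b, "<": lambda a, b: a < b, ">": lambda a, b: a > b,
}


def version_affected(version: str, constraint: str) -> bool:
    """True if version satisfies every clause of e.g. '>=1.0.0,<1.4.2'."""
    v = parse_version(version)
    for clause in constraint.split(","):
        clause = clause.strip()
        for op in ("<=", ">=", "==", "<", ">"):   # two-char operators first
            if clause.startswith(op):
                if not _OPS[op](v, parse_version(clause[len(op):])):
                    return False
                break
        else:
            raise ValueError(f"unsupported constraint: {clause}")
    return True


def purl_without_version(purl: str) -> str:
    """pkg:type/name@version?qualifiers -> pkg:type/name (the feed's key)."""
    return purl.split("@", 1)[0].split("?", 1)[0]


def load_components(sbom_text: str) -> List[Dict]:
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return list(sbom.get("components", []))


def find_vulnerable(sbom_text: str, feed: Iterable[Dict]) -> List[Dict]:
    """Automated check: match each component's purl and version against the feed."""
    by_pkg: Dict[str, List[Dict]] = {}
    for adv in feed:
        by_pkg.setdefault(adv["package"], []).append(adv)
    hits = []
    for comp in load_components(sbom_text):
        purl = comp.get("purl")
        if not purl:
            continue   # unmatchable without an identifier; reported by check_minimum_fields
        for adv in by_pkg.get(purl_without_version(purl), []):
            if version_affected(comp["version"], adv["affected"]):
                hits.append({"component": comp["name"], "version": comp["version"],
                             "advisory": adv["id"]})
    return hits


# Supplier, name, version and a unique identifier are among the NTIA minimum
# SBOM elements; an SBOM missing them cannot be matched reliably against feeds.
REQUIRED = ("supplier", "name", "version", "purl")


def check_minimum_fields(sbom_text: str) -> List[str]:
    """Names of components lacking any required field."""
    return [c.get("name", "<unnamed>") for c in load_components(sbom_text)
            if any(not c.get(f) for f in REQUIRED)]


if __name__ == "__main__":
    for hit in find_vulnerable(SBOM_JSON, VULN_FEED):
        print(f"{hit['component']}@{hit['version']} affected by {hit['advisory']}")
    print("components missing minimum fields:", check_minimum_fields(SBOM_JSON))
```

Run as-is it reports `jsonfast@1.4.1` and `tlsshim@0.9.0` as affected and flags `tlsshim` for the missing supplier. In a real pipeline the feed would come from a vulnerability database and the SBOM from the build, but the shape of the check is the same: match on a unique identifier, then on version, and treat components that cannot be identified as findings rather than silently skipping them.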
What Does All of This Mean to You?
You can find the full article here