Cybersecurity, Privacy, & AI


House-Passed Bill Would Require DoD Vendors to Certify Software is Free of Vulnerabilities

A provision in the House-passed NDAA for next year would require developers who sell software to the Department of Defense to certify that it is “free from all known vulnerabilities,” a superficially simple measure that has instead become the subject of debate among cybersecurity experts. On one hand, proponents—including the Biden Administration—argue that the users of software unfairly shoulder the burden of maintaining cybersecurity. Deputy national security advisor Anne Neuberger compared the proposed requirement to rules governing the automotive industry, where manufacturers retain ownership of and responsibility for flaws throughout the life of a vehicle. Critics argue that such a certification cannot genuinely be made, since no developer can know every vulnerability in its software. Dan Lorenc, a former Google software engineer and CEO of Chainguard, wrote that “this idea is just misguided at best and an impending s***show at worst.”

Source:
