
Langevin, Industry Representatives Disagree About Software Bills of Materials


NIST has published its definition of “critical software” as directed by Biden’s cybersecurity executive order. The definition identifies applications that run with elevated privileges or control a company’s computing infrastructure, and the software libraries on which they depend. The extent to which such libraries should be included in the National Telecommunications and Information Administration’s “software bills of materials” (SBOM) requirements has become a point of contention.

The U.S. Chamber of Commerce and the Information Technology Industry Council have asked for flexibility, especially on how deep an SBOM should be required to go in describing its transitive dependencies, arguing that such a requirement could place a burden on developers. However, Representative Jim Langevin (D-RI), chair of the House Armed Services Cybersecurity Subcommittee, has asked NTIA to refrain from such considerations, blaming the government’s cybersecurity problem in part on a reluctance to invest in software security.
