Earlier this week, Chris DeRusha, federal CISO and deputy national cyber director in the White House, announced the release of Office of Management and Budget (OMB) guidance to ensure federal agencies rely only on software that has been built following standard cybersecurity practices. This software security requirement applies to all civilian federal agencies and software security vendors who do business with them.
The software security guidance was developed under President Biden’s wide-ranging cybersecurity executive order (EO) issued in May 2021. The impetus for the software security mandates contained in the order was the massive SolarWinds software breach that occurred in late 2020 and awakened the industry to the significant potential for damaging vulnerabilities in software and the software supply chain.
