SOFTWARE COMPOSITION ANALYSIS

What is the Federal Government’s Cybersecurity Executive Order?

Today’s software supply chain is complex, and it’s under attack.

The Executive Order issued by the Biden administration calls for the National Institute of Standards and Technology (NIST) to provide software supply chain regulations within one year. These policies will determine how organizations check for and manage vulnerabilities within their applications.

PURPOSE OF THE EXECUTIVE ORDER

Improve threat information sharing between federal government and private sector
Modernize and implement stronger cybersecurity standards within the federal government
Improve software supply chain security
Establish a cybersecurity safety review board
Create a playbook for responding to cybersecurity incidents
Improve detection of cybersecurity incidents on federal government networks

WHAT’S IN THE EXECUTIVE ORDER

Any software provider that sells software into the federal government must provide a Software Bill of Materials (SBOM)
Evidence of regulatory compliance, including using tools to check code for vulnerabilities regularly and producing artifacts related to that testing
Ensuring software development processes include measures to secure the build environment
Proof of integrity of open source code use
Proof of/or plans to secure the security of legacy software

WHY CREATE AN SBOM

An SBOM should provide a comprehensive inventory of the software components in your applications. necessary given code is a complex ecosystem. There’s hierarchy, dependencies, modules that are shared across applications, sub-components, commercial code that includes open source, and open source code that has more open source.

An accurate, complete SBOM allows companies to control risk by identifying and mitigating security vulnerabilities and source code license infringement. An SBOM also encourages secure software development practices. Developers can vet code before embedding it in applications.

Greater transparency. Enhanced security.

Cybersecurity Awareness

Cyber threats are more real today than ever before. The industry is responding with new regulations to secure a maturing software supply chain. How do you get started on a cybersecurity program that meets the needs of your organization?

Play video

Resources

A New, More Effective Way to Create and Manage SBOMs

WATCH NOW

IDC Analyst Brief: The Open Source Blind Spot Putting Businesses at Risk

VIEW REPORT

Business Drivers of SBOM Adoption

VIEW EBOOK

Open Source Exchange: Security and License Compliance Challenges in the Year Ahead

View Event

SBOM Insights for Intelligent SBOM Management

View Data Sheet

Open Source Exchange – November 2022

WATCH NOW

Launch a Successful Cybersecurity Program

View Podcast

Software Supply Chain Management Trends and Predictions

WATCH NOW

Manage Software Ingredients for Complete Transparency

WATCH NOW

Reduce Software Supply Chain Uncertainty

WATCH NOW

What’s on the Horizon for the Software Supply Chain?

View Webinar

View All Resources

View all blog posts

Protect the Software Supply Chain. Get a Complete Software Bill of Materials.

The Executive Order encourages the private sector to follow the Federal Government’s lead and align cybersecurity strategy and investments with the government in order to minimize future attacks. Jumpstart your cybersecurity initiatives with Revenera.