How to navigate impending open source software security requirements

Open source security is a top, unavoidable priority in 2023. Thanks in part to high profile vulnerabilities like Log4Shell and SolarWinds, the US government has been moving quickly to mandate more stringent cybersecurity requirements for software in use at government agencies.

First there was White House cybersecurity executive order 14028, focused on the security and integrity of the software supply chain. Then there was the National Institute of Standards and Technology (NIST) two-part guidance, Special Publication 800- 218 and the Software Supply Chain Security Guidance. Next came White House Office of Management and Budget (OMB) memorandum M-22-18, with the subject line: Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 arrived flush with action items and, most importantly, deadlines—a few of which have already passed, and many that are approaching at a speedy clip.

And that’s just the U.S. government! 

• The European Union published a 2021 report “Understanding the increase in Supply Chain Security Attacks," followed by the Cyber Resilience Act proposed in September 2022.
• In July 2022 the UK government issued a proposal for legislation to "Improve the UK's Cyber Resilience.”
• Germany issued the Information Security Act 2.0 (IT-SiG), which requires operators of critical infrastructures (CRITIS) to have implemented enhanced security measures for their IT systems by May 1, 2023.

Regulations are coming, and wrangling your open source supply chain will be mandatory in 2023. Don’t worry, though! We’ve got your back. 

In this webinar, Tidelift CEO and co-founder Donald Fischer details all these rules, regulations, and, most importantly, impending deadlines. He’s read all the documents we’ve listed above so you don’t have to—and he has some ideas on how to meet these deadlines.

Watch now!