The Executive Order on Cybersecurity

In May of 2021, the Biden administration released an executive order on cybersecurity that outlines new security requirements for vendors selling software to the U.S. government. These requirements include security testing in the development process and a bill of materials for the open source libraries in use, so known vulnerabilities are disclosed and able to be tracked in the future. Although the order only impacts companies that sell software to the federal government in the near term, it also requires the development of a pilot program that would eventually change security requirements for all software vendors.

• CBS News
• BBJ
• Atlantic Council
• Shared Security
• ZDNet
• RSA Conference
• Bloomberg
• Nextgov
• SC Media

Sam King, CEO

• What is Most Noteworthy?
• What the Labeling Pilot Program Indicates About the Future of Software Security
• What Good Looks Like for Software Security
• Advice for Software Vendors

Chris Wysopal, Founder

• What Software Vendors Need to Know
• What is Most Surprising in the EO
• What is Most Noteworthy?
• The EO is a Long Time Coming
• Where to Start When Building a Software Security Program
• The EO Pilot Program for Ratings and Labeling for Software