Software Integrity Blog


AppSec Decoded: New executive order changes dynamic of software security standards

In this episode of AppSec Decoded, we discuss the impact of the new executive order by the Biden administration on organizations working with the government.

The past year has led many people and organizations to depend more on technology, completely changing the way they operate. With this increased dependence on technology, it should come as no surprise that the number of breaches and security risks has increased as well.

In fact, cyber security attacks have risen by 35% during COVID and have exposed significant supply chain vulnerabilities in some of the largest government entities today. As a result, the Biden administration signed a new executive order defining the cyber security requirements that government entities must meet, directed by organizational needs.

Some of the requirements include:

  • Broadening security implications
  • Increasing software transparency
  • Adopting threat modeling and control validation
  • Working directly with suppliers to map out secure software frameworks and tools

What does this mean for organizations currently?

As it stands, there are no deadlines yet for the requirements on organizations. What the order does mean, however, is that organizations that want to work with the government face a new bar, comparable to the impact on digital privacy seen with the enactment of the General Data Protection Regulation (GDPR).

In essence, this order is a way to define how organizations would need to operate and hold themselves accountable for security risks as a government entity. In this episode of AppSec Decoded, Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center (CyRC), discusses how this order will change the way government entities, and the heads of those entities, operate in order to adjust to the surge of security threats.
