no more vulnerabilities

Posted on Aug 23, 2022

So last week the U.S. House of Representatives passed the National Defense Authorization Act for Fiscal Year 2023 which might become the law if it gets Senate approval and is signed into law by President Joe Biden.

This bill is a well intentioned effort to improve the overall standard of the software supply chain in use by the Department of Homeland Security. It requires the submission of a Software Bill of Materials for certification for any software product without any known open vulnerabilities or defects. Currently the NIST NVD and CISA registered databases will be referenced for validation.

This I believe is in response to various high profile cyber security incidents of the last few years.

I am not sure how succesful this will be as .gov usually prescribe the what and leave the how for everyone else to figure out.