House Homeland Security passes bipartisan open source software measure requiring CISA framework

The House Homeland Security Committee has unanimously approved a bill that would require CISA to develop a framework for assessing risks related to open source software, an approach that lawmakers on both sides of the aisle characterized as a needed response to the ongoing Log4j vulnerability.

The legislation positions the federal government to “lead by example” on open source software security, according to Chairman Mark Green (R-TN), and strikes a balance between encouraging innovation and addressing security needs. The bill’s...