Tidelift Advisory: US senators introduce the Securing Open Source Software Act of 2022 | September 27, 2022
ioi_ab's bookmarks 2022-10-06
Summary:
"Last week, United States Senators Gary Peters and Rob Portman introduced the Securing Open Source Software Act of 2022, and referred it to the Committee on Homeland Security and Governmental Affairs. The bill commits the government to even deeper involvement in open source security and resilience issues, but mostly in ways that will be familiar to those who have followed various US government initiatives since Log4Shell....
Bottom line: achieving better security outcomes will require partnering with open source maintainers. If you work at an organization building applications using open source components, the writing on the wall is clear. Any organization wanting to sell software to the government will eventually need to ensure the open source components they are using in that software meet these expanded government requirements. And the issue you should be most concerned with is understanding who is on the hook to do the work to ensure the open source components that you use in your applications meet those standards...."