What is the White House National Cybersecurity Strategy?
The Biden-Harris Administration’s National Cybersecurity Strategy calls for building and maturing a digital ecosystem that is more resilient against cyber attacks. The Strategy frames two fundamental shifts in how the United States will allocate roles, responsibilities, and resources in cyberspace:
- A call for cybersecurity liability and holding software providers responsible
- Aligning incentives to favor long-term investments in cybersecurity
How does the National Cybersecurity Strategy impact software development?
The Strategy calls for changes in how organizations create and use software: they must employ rigorous methods to ‘prevent bad outcomes’ and take full responsibility for protecting consumers.
It also details that liability can’t be pushed off on the “open-source developer of a component that is integrated into a commercial product.” Changing the dynamics of accountability is the only way to drive the proper outcomes, but it’s just the beginning of a much larger shift in secure development.
While the Strategy recognizes that even a perfect security process can’t guarantee perfect outcomes, vendors should no longer be able to disclaim any and all liability. Establishing the concept of safe harbors lets the industry mature incrementally, leveling up security best practices in order to retain a liability shield, rather than calling for sweeping reform and unrealistic outcomes as previous regulatory attempts have.
The National Cybersecurity Strategy also moves to hold accountable companies that collect massive amounts of information and then leave that information open to attackers, with little recourse for those affected. Without regulatory change, the ramifications of these breaches can be huge for consumers, while the resulting lawsuits amount to a rounding error and a cost of doing business for the companies involved.
How can you prepare?
Sonatype is in a unique position to help you and your organization get ready.
We are regarded as highly trusted domain experts with unparalleled years of experience in this space. Over the years, we have been invited to advise on government legislation and strategy, including this one, specifically on secure software development and its open source implications.
Two key areas of preparation:
1. “Incentivize the adoption of secure software development practices”: “Secure by Design” and “Secure from the Start”
Sonatype’s Platform helps organizations build secure software by identifying and remediating vulnerabilities early in the development process, enabling companies to ship software with no known open source vulnerabilities and mitigating liability issues down the line. It:
- Provides visibility and control over the open source components and third-party dependencies used in software applications.
- Prevents malware from entering the software development environment, like no other solution on the market.
- Automates security testing and implements continuous monitoring of software components throughout the development lifecycle.
2. “Promotion of the further development of SBOMs”
An SBOM (software bill of materials) is a formal list that details the third-party and open source components that make up a software application.
Need help to mitigate liability? Submit the form below.