The House Homeland Security Committee approved two notable cybersecurity-related bills during a markup session on May 17, sending them to the full House for further consideration.
One of those is the Securing Open Software Act of 2023 (HR 3286), which was created in response to the Log4j vulnerability discovered in 2023.
The bill would assign responsibilities for the security of open source software to the Cybersecurity and Infrastructure Security Agency (CISA), and would “evaluate and better position Federal agencies to securely use open source software,” said Rep. Mark Green, R-Tenn., chairman of the committee.
“In late 2021, a Chinese researcher discovered a new vulnerability in a widely used piece of open source software called log4j,” the chairman said. “The vulnerability allowed hackers to access and control devices remotely, creating cyber risk in millions of devices worldwide.”
The legislation, he said, “is critical to improving how the Federal government manages its risk stemming from the use of open source software, the bedrock of our digital ecosystem.”
The committee also voted to approve the DHS Cybersecurity On-the-Job Training Program Act (HR 3208), which focuses on creating an on-the-job training program for new and existing Department of Homeland Security (DHS) personnel.
“I know we’ll continue to have differing positions on policy approaches during this Congress. But protecting the homeland and improving DHS is our charge and I believe all the bills being considered today make strides in achieving that goal, and I deeply appreciate his help and partnership,” Rep. Green said at the markup session.