Security News, September 2022: White House to tech world: Promise you'll write secure code – or Feds won't use it
Today's requirements stem from US President Joe Biden's cybersecurity executive order from May 2021, which was in response to the SolarWinds disaster and other high-profile software supply chain meddling.
This is essentially a guarantee from the vendor that their product meets minimum NIST standards for secure software development.
Uncle Sam wants federal agencies and software providers to keep those attestations hush-hush so that America doesn't give foreign spies and other miscreants a heads-up on how to break into US networks.
Finally, the memorandum encourages agencies to obtain "Artifacts," such as a software bill of materials, "that demonstrate conformance to secure software development practices, as needed," from developers.
As one senior administration official said, during a press briefing on Biden's executive order, "We're all using the same software. We're all using Outlook email. We're all using Cisco and Juniper routers. So, essentially, by setting those secure software standards, we're benefiting everybody broadly."
"The role of government in this setting is to exert their influence as a software purchaser to require vendors to conform to industry best practices and standards for securing the software supply chain," Lorenc told The Register.