Merge pull request #27307 from littlebirdnest/master

littlebirdnest application
Xingyu.Wang 2022-09-25 14:42:06 +08:00 committed by GitHub
commit 0ed3a7cfb0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 36 deletions


@ -1,36 +0,0 @@
[#]: subject: "Lawmakers Proposes A New Bill To Protect Open Source Software"
[#]: via: "https://www.opensourceforu.com/2022/09/lawmakers-proposes-a-new-bill-to-protect-open-source-software/"
[#]: author: "Laveesh Kocher https://www.opensourceforu.com/author/laveesh-kocher/"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Lawmakers Proposes A New Bill To Protect Open Source Software
======
*The Office of Management and Budget would be tasked by the Securing Open Source Software Act with providing instructions on how to use open source software safely.*
A measure that would require the Cybersecurity and Infrastructure Security Agency to create a risk framework in order to improve the security of open source software was introduced by lawmakers on Thursday. To reduce risks in systems dependent on open source code, agencies would utilise the framework, and CISA would decide if critical infrastructure owners and operators might also use it voluntarily.
The majority of systems rely on open source software that is freely available and is maintained by communities in order to build websites and applications; one of the biggest users is the federal government. The legislation was introduced by Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich., the chairman and ranking member of the Homeland Security Committee, respectively, following a hearing in response to the discovery of a serious, widespread Log4j vulnerability in open source code affecting federal systems and millions of others globally.
“This incident presented a serious threat to federal systems and critical infrastructure companies — including banks, hospitals and utilities — that Americans rely on each and every day for essential services,” Peters said in the announcement. “This commonsense, bipartisan legislation will help secure open source software and further fortify our cybersecurity defenses against cybercriminals and foreign adversaries who launch incessant attacks on networks across the nation.”
The Securing Open Source Software Act would also require the Office of Management and Budget to issue guidance for agencies on securing open source software, create a software security subcommittee of the CISA Cybersecurity Advisory Committee, and require CISA to hire open source software experts to assist with cyber incidents.
Prior to that, Peters and Portmans proposals were passed unanimously by the Senate and signed into law, strengthening state and local governments cyber defences and forcing owners and operators of critical infrastructure to report significant cyberattacks and ransomware payments to CISA.
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2022/09/lawmakers-proposes-a-new-bill-to-protect-open-source-software/
作者:[Laveesh Kocher][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/laveesh-kocher/
[b]: https://github.com/lkxed


@ -0,0 +1,35 @@
[#]: subject: "Lawmakers Proposes A New Bill To Protect Open Source Software"
[#]: via: "https://www.opensourceforu.com/2022/09/lawmakers-proposes-a-new-bill-to-protect-open-source-software/"
[#]: author: "Laveesh Kocher https://www.opensourceforu.com/author/laveesh-kocher/"
[#]: collector: "lkxed"
[#]: translator: "littlebirdnest"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
立法者提出一项保护开源软件的新法案
======
*《保护开源软件法案》将责成管理和预算办公室提供有关如何安全使用开源软件的说明。*
立法者周四提出了一项要求网络安全和基础设施安全局创建风险框架以提高开源软件安全性的措施。为了降低依赖开源代码的系统的风险机构将利用该框架CISA 将决定关键基础设施所有者和运营商是否也可以自愿使用它。
大多数系统依赖于免费提供并由社区维护的开源软件来构建网站和应用程序;最大的用户之一是联邦政府。该立法由国土安全委员会主席兼高级成员、俄亥俄州共和党参议员 Sens. Rob Portman, R-Ohio 和 Gary Peters D-Mich。发现一系列传播广泛的Log4j漏洞影响联邦系统和全球数百万其他系统的开源代码中的漏洞。
“这一事件对联邦系统和关键基础设施公司——包括银行、医院和公用事业公司——构成了严重威胁,美国人每天都依赖这些公司提供基本服务,”彼得斯在公告中说。“这项常识性的两党立法将有助于保护开源软件,并进一步加强我们对网络犯罪分子和对全国网络发起不断攻击的外国对手的网络安全防御。”
《保护开源软件法》还要求管理和预算办公室为机构发布关于保护开源软件的指南,创建 CISA 网络安全咨询委员会的一个软件安全小组委员会,并要求 CISA 聘请开源软件专家协助网络事件。
在此之前,彼得斯和波特曼的提议已获得参议院一致通过并签署成为法律,以加强州和地方政府的网络防御,并迫使关键基础设施的所有者和运营商向 CISA 报告重大网络攻击和勒索软件付款。
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2022/09/lawmakers-proposes-a-new-bill-to-protect-open-source-software/
作者:[Laveesh Kocher][a]
选题:[lkxed][b]
译者:[littlebirdnest](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/laveesh-kocher/
[b]: https://github.com/lkxed
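
Review bot: The paragraph beginning 大多数系统依赖于 does not carry the source sentence through and needs retranslating against the English original. It has no verb for "introduced", leaves "Sens.", "R-Ohio" and "D-Mich" untranslated beside their Chinese rendering, collapses "the chairman and ranking member ... respectively" into 主席兼高级成员, drops the "following a hearing in response to" clause, and ends in a fragment that repeats 漏洞. In the paragraph before it, commas are missing after 风险 and after 该框架, so the two clauses run together. The act is called 《保护开源软件法案》 in the summary line but 《保护开源软件法》 further down; use one name throughout. In the footer, the translator entry changes the display name to littlebirdnest but the link still points at the placeholder https://github.com/译者ID, so the URL should be updated to the translator's own profile as well.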