SoylentNews is people

FOSS Projects Have Until 26 June to Provide Supply Chain Feedback to White House

Accepted submission by canopic jug at 2023-04-30 05:05:44 from the if-you-snooze-you-will-lose dept.
Business

FedScoop has pointed out that industry vendors have until June 26 to comment on the Cybersecurity and Infrastructure Security Agency's (CISA) draft attestation form for government software providers [fedscoop.com]. The draft Secure Software Self-Attestation Common Form [cisa.gov] was published Thursday and the window for feedback is 60 days, so comments will be accepted through June 26, 2023.

The Cybersecurity and Infrastructure Security Agency on Thursday published [cisa.gov] a draft attestation form for software providers working with federal government agencies.

The agency launched a 60-day request for comment period, during which industry is able to submit feedback [federalregister.gov] on the document.

This stems from Executive Order 14028 [federalregister.gov] and the Office of Management and Budget’s (OMB) M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. The CISA has requested that interested parties (that's you, FOSS projects) review the Secure Software Development Attestation Common Form [cisa.gov] and submit feedback [federalregister.gov].

Redmond and its minions are already on this. Will the FSF, OSI, EFF, SFLC, SFC, and the others step up and be heard?

