S. 917, Securing Open Source Software Act of 2023

3.0.0 917 2025-05-27T14:15:48Z 2025-05-27T14:15:48Z Senate S S 2023-03-22 118 ssga00 Homeland Security and Governmental Affairs Committee Senate Standing Reported By 2023-05-16T18:57:55Z Markup By 2023-03-29T14:45:32Z Referred To 2023-03-22T16:03:55Z S. Rept. 118-32 2023-05-16 Senate Placed on Senate Legislative Calendar under General Orders. Calendar No. 76. Calendars 2023-05-16 ssga00 Homeland Security and Governmental Affairs Committee Senate Committee on Homeland Security and Governmental Affairs. Reported by Senator Peters with amendments. With written report No. 118-32. Committee 2023-05-16 Committee on Homeland Security and Governmental Affairs. Reported by Senator Peters with amendments. With written report No. 118-32. Committee 14000 9 Library of Congress ssga00 Homeland Security and Governmental Affairs Committee 2023-03-29 ssga00 Homeland Security and Governmental Affairs Committee Senate Committee on Homeland Security and Governmental Affairs. Ordered to be reported without amendment favorably. Committee 2023-03-22 ssga00 Homeland Security and Governmental Affairs Committee Senate Read twice and referred to the Committee on Homeland Security and Governmental Affairs. IntroReferral 2023-03-22 Introduced in Senate IntroReferral 10000 9 Library of Congress P000595 Sen. Peters, Gary C. [D-MI] Gary Peters D MI N H001089 Sen. Hawley, Josh [R-MO] Josh Hawley R MO 2023-03-22 True 2023-04-06T19:34:00Z S. 917, Securing Open Source Software Act of 2023 https://www.cbo.gov/publication/59036 As ordered reported by the Senate Committee on Homeland Security and Governmental Affairs on March 29, 2023 Government Operations and Politics Advisory bodies 2023-04-12T20:15:17Z Computer security and identity theft 2023-04-12T20:15:17Z Computers and information technology 2023-04-12T20:15:17Z Congressional oversight 2023-04-12T20:15:17Z Government information and archives 2023-04-12T20:15:17Z Government studies and investigations 2023-04-12T20:15:17Z Performance measurement 2023-04-12T20:15:17Z Government Operations and Politics 2023-03-27T20:32:51Z

00 2023-03-22 Introduced in Senate 2023-10-03T12:55:46Z Securing Open Source Software Act of 2023 This bill sets forth the duties of the Cybersecurity and Infrastructure Security Agency (CISA) regarding open source software security. Open source software means software for which the human-readable source code is made available to the public for use, study, reuse, modification, enhancement, and redistribution. Specifically, CISA must <ul> <li>perform outreach and engagement to bolster the security of open source software; </li> <li> support federal efforts to strengthen open source software security; </li> <li> coordinate with nonfederal entities on efforts to ensure long-term open source software security; </li> <li> serve as a public point of contact regarding open source software security for nonfederal entities; and </li> <li> support federal and nonfederal supply chain security efforts by encouraging efforts to bolster open source software security.</li> </ul> CISA must (1) publish a framework, incorporating government, industry, and open source software community frameworks and best practices, for assessing the risk of open source software components; (2) update the framework at least annually; and (3) ensure, to the greatest extent practicable, that the framework is usable by the open source software community. The bill requires CISA to assess open source software components used by federal agencies based on the framework and provides for a pilot assessment of critical infrastructure. CISA's Cybersecurity Advisory Committee may establish a software security subcommittee. The Office of Management and Budget, in coordination with CISA, the Office of the National Cyber Director, and the General Services Administration, shall issue guidance on the responsibilities of the chief information officers at specified agencies regarding open source software.

25 2023-05-16 Reported to Senate 2023-10-18T19:37:52Z Securing Open Source Software Act of 2023 This bill sets forth the duties of the Cybersecurity and Infrastructure Security Agency (CISA) regarding open source software security. Open source software means software for which the human-readable source code is made available to the public for use, study, reuse, modification, enhancement, and redistribution. Specifically, CISA must <ul> <li>perform outreach and engagement to bolster the security of open source software; </li> <li> support federal efforts to strengthen open source software security; </li> <li> coordinate with nonfederal entities on efforts to ensure long-term open source software security; </li> <li> serve as a public point of contact regarding open source software security for nonfederal entities; and </li> <li> support federal and nonfederal supply chain security efforts by encouraging efforts to bolster open source software security.</li> </ul> CISA must (1) publish a framework, incorporating government, industry, and open source software community frameworks and best practices, for assessing the risk of open source software components; (2) update the framework at least annually; and (3) ensure, to the greatest extent practicable, that the framework is usable by the open source software community. The bill requires CISA to assess open source software components used by federal agencies based on the framework and provides for a pilot assessment of critical infrastructure. CISA's Cybersecurity Advisory Committee may establish a software security subcommittee. The Office of Management and Budget, in coordination with CISA, the Office of the National Cyber Director, and the General Services Administration, shall issue guidance on the responsibilities of the chief information officers at specified agencies regarding open source software.

Securing Open Source Software Act of 2023 Display Title 45 Securing Open Source Software Act of 2023 2024-07-24T15:22:19Z Short Title(s) as Introduced 101 Securing Open Source Software Act of 2023 2024-05-24T13:41:52Z Introduced in Senate IS Short Title(s) as Reported to Senate 103 Securing Open Source Software Act of 2023 2024-05-24T13:40:15Z S Senate Reported to Senate RS Official Title as Introduced 6 A bill to establish the duties of the Director of the Cybersecurity and Infrastructure Security Agency regarding open source software security, and for other purposes. 2023-03-24T01:58:49Z Introduced in Senate IS Reported to Senate 2023-05-16T04:00:00Z https://www.govinfo.gov/content/pkg/BILLS-118s917rs/xml/BILLS-118s917rs.xml Introduced in Senate 2023-03-22T04:00:00Z https://www.govinfo.gov/content/pkg/BILLS-118s917is/xml/BILLS-118s917is.xml 2023-05-16 Placed on Senate Legislative Calendar under General Orders. Calendar No. 76. text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries and statuses for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.