
Recap: Thinking upstream about cybersecurity executive order 14028

by Amy Hays
on September 2, 2021

Last week, Tidelift CEO and co-founder Donald Fischer conducted a live briefing about White House cybersecurity executive order 14028. Here's a quick recap to bring you up to speed: A few months ago, the U.S. White House released cybersecurity executive order 14028, an attempt by the United States government to use its purchasing power to drive positive changes in the way cybersecurity is addressed around the world.

This was in response to high-profile breaches like the Colonial Pipeline ransomware attack and the SolarWinds software supply chain attack, which have shown that our cybersecurity defenses are woefully inadequate. This executive order forces a higher standard of cybersecurity on any organization selling software to the federal government, which in turn makes it the de facto global standard for all software in the future.

Donald covered three main themes with this briefing:

  1. He explained the key issues addressed in this executive order, like software bill of materials (SBOM), supply chain security, and provenance requirements.
  2. He outlined the gaps that most organizations will need to close in order to stay in compliance.
  3. He shared a proactive approach to addressing open source software supply chain health and security upstream.

This executive order will have impacts beyond the U.S. government. This is an important topic for any organization that develops applications. You can watch the short, 30-minute briefing on demand now by filling out the form below: