Friday, December 5, 2014

Bills Introduced – 12-04-14

Yesterday, nearing the end of the second week of the lame duck Congress 29 bills were introduced. A trio of software security bills were introduced:

HR 5793 : To ensure the integrity of any software, firmware, or product developed for or purchased by the United States Government that uses a third party or open source component, and for other purposes. Sponsor: Rep Royce, Edward R. (R,CA)

HR 5800 : To prohibit Federal agencies from mandating the deployment of vulnerabilities in data security technologies. Sponsor: Rep Lofgren, Zoe (D,CA)

S.2981 : A bill to prohibit Federal agencies from mandating the deployment of vulnerabilities in data security technologies. Sponsor: Sen Wyden, Ron (D,OR)


According to a press release from the Wyden office, his bill is designed to stop Federal government agencies from requiring the existence of backdoors in US software or electronic devices. A copy of the bill language available on the Wyden web site contains an interesting loop hole; it only applies to “any computer hardware, computer software, or electronic device that is made available to the general public [emphasis added]” {§2(c)(2)}. A large truck could be driven through that loop hole.

No comments:

 
/* Use this with templates/template-twocol.html */