Could Careless Coders Face False Claims Liability?

New Software Development Security Attestation and Related False Claims Act Liability for Commercial and Noncommercial Software Developers and Suppliers

Key takeaway

Software producers at all levels in the federal supply chain should prepare to attest that their software development practices comply with National Institute of Standards and Technology (NIST) standards supported by artifacts that demonstrate secure software development and by the software bill of materials.

What happened

On Sept. 14, 2022, the Office of Management and Budget (OMB) issued guidance establishing time frames for requiring all federal agencies to only use software provided by developers (producers) who can attest in writing to complying with the NIST-specified secure software development framework (NIST SP 800-218) and NIST software supply chain security guidance. OMB’s actions implement President Joe Biden’s May 12, 2021 Executive Order requiring NIST to identify practices that enhance the security of the software supply chain.

OMB’s memorandum could have far-reaching implications for developers and federal suppliers. “Software” for this purpose includes firmware, operating systems,
