Members of the House of Representatives recently voted to pass the Department of Homeland Security (DHS) Software Supply Chain Risk Management Act of 2021 (H.R. 4611), a measure aiming to further secure software provided to DHS by contractors.
According to the new act, the DHS under secretary will issue guidance on future and ongoing software contracts. The bill specifies that new and existing contractors must provide certification that each item provided in their contract is free of known vulnerabilities and defects affecting the security of the end product or service. To provide this certification, contractors can reference the National Institute of Standards and Technology Vulnerability Database or any other database tracking software security defects and vulnerabilities that is designated by the DHS under secretary in coordination with the director of the Cybersecurity and Infrastructure Agency.
The DHS guidance is expected to be released 180 days after the bill's enactment.