So, some new legislation to be aware of.
The top Democrat and Republican on the Senate Homeland Security Committee have introduced new legislation to protect open-source software from cyberattacks while evaluating how federal government agencies use open-source code.
The Securing Open Source Software Act would give the Cybersecurity and Infrastructure Security Agency a series of new directives: hire open-source experts and, within one year, develop a framework for assessing the risk of open-source code used by federal agencies. That story is from NextGov.
Of note, that bill is a reaction to the Log4j vulnerability.
Signed in California, AB587 requires social media companies with more than $100 million in annual revenue to publish their terms of service and submit semiannual reports to the state attorney general detailing how they enforced those terms. Each violation can cost them up to $15,000.
Also from California, the California Age-Appropriate Design Code Act. The act requires companies providing online services likely to be accessed by children to default to the highest level of privacy settings, conduct data protection impact assessments, and make those assessments available to the attorney general. It also restricts how those businesses collect and use children's personal information. Both of these stories are from Protocol.
Why do we care?
Most listeners shouldn't spend their time worrying about individual bills like AB587. Instead, treat them as examples of two broader areas to keep track of on behalf of your customers.
First, track security-related regulation, given the velocity at which it is now coming out of government. Second, follow data and privacy law: with the federal government moving at its current glacial pace, the states are stepping in, and that will keep this a complex area for some time. Of course, complexity can mean opportunity too.

