US bill introduced to strengthen the security of free software

The United States is betting on improving the quality and security of open source

U.S. Senators Gary Peters and Rob Portman, Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, have introduced bipartisan legislation to protect federal systems and critical infrastructure by strengthening the security of free software.

Under the Securing Open Source Software Act, CISA would be directed to develop a risk framework for evaluating how the federal government uses open source software. It would also assess how critical infrastructure owners and operators could use that framework on a voluntary basis.

This would identify ways to reduce risk in systems that use open source software. The bill also requires CISA to hire professionals with experience developing open source software, to ensure that the government and the community work hand in hand and are prepared to address incidents like the Log4j vulnerability. In addition, the bill requires the Office of Management and Budget (OMB) to issue guidance to federal agencies on the secure use of open source software and establishes a software security subcommittee within CISA's Cybersecurity Advisory Committee.

The legislation follows a hearing that Peters and Portman convened on the Log4j incident earlier this year, and would require the Cybersecurity and Infrastructure Security Agency (CISA) to ensure that the federal government, critical infrastructure and others use free software securely.

The Log4j vulnerability affected millions of computers worldwide, including critical infrastructure and federal systems. This led leading security experts to describe it as one of the most severe and widespread cybersecurity vulnerabilities ever seen.

Google's open source team said it analyzed Maven Central, the largest Java package repository, and found that 35,863 Java packages use versions of the Apache Log4j library. This includes Java packages that use Log4j versions vulnerable to the original Log4Shell exploit (CVE-2021-44228) and to the second remote code execution bug discovered in the Log4Shell patch (CVE-2021-45046). Tenable described the vulnerability as "the biggest and most critical vulnerability of the last decade."

"Free software is the foundation of the digital world, and the Log4j vulnerability showed how much we rely on it. This incident posed a serious threat to federal systems and critical infrastructure companies, including banks, hospitals and utilities, that Americans rely on every day for essential services," said Senator Peters. "This common-sense, bipartisan legislation will help protect free software and further strengthen our cyber defenses against cybercriminals and foreign adversaries who launch attacks on networks across the country."

"As we saw with the log4shell vulnerability, the computers, phones and websites we use every day contain open source software that is vulnerable to cyberattacks," said Senator Portman. "The bipartisan Securing Open Source Software Act will ensure that the U.S. government anticipates and mitigates security vulnerabilities in open source software to protect Americans' sensitive data."

The senators noted that this is a major responsibility, since most computers in the world run open source software in one form or another. They added that the federal government, one of the largest users of free software in the world, must be able to manage what that use entails and contribute to the security of free software in the private sector and the rest of the public sector.

In addition, the bill requires the Office of Management and Budget to issue guidelines to federal agencies on the secure use of free software and creates a Software Security Subcommittee within the CISA Cybersecurity Advisory Committee.

Peters and Portman have led several efforts to strengthen the nation's cybersecurity. Their historic bipartisan provision requiring owners and operators of critical infrastructure to report to CISA if they experience a substantial cyberattack or make a ransomware payment was signed into law.

Legislation by the senators to strengthen cybersecurity for state and local governments was also signed into law. It is also worth noting that Peters and Portman's bill to protect federal networks and ensure that the government can use cloud technology securely passed the Senate unanimously.

Finally, if you are interested in learning more about it, you can consult the details at the following link.

