MuUnited States vakapa mutemo wekusimbisa kuchengetedzwa kwemahara software

MuUnited States vakapa mutemo wekusimbisa kuchengetedzwa kwemahara software

United States iri kubheja pakuvandudza mhando uye kuchengetedzeka kweyakavhurika sosi

ari Maseneta eUS Gary Peters naRob Portman, Sachigaro uye Nhengo yepamusoro yeHomeland Security uye Government Affairs Committee, yakaunza bipartisan mutemo kune chengetedza masisitimu emubatanidzwa uye zvakakosha masisitimu kuburikidza kusimbisa kuchengetedzwa kwemahara software.

Nemutemo weChengetedzo yeyakavhurika sosi (Kuchengetedza Open Source Software Act) CISA yaizotungamirirwa kugadzira hurongwa hwengozi kuongorora kuti hurumende yemubatanidzwa inoshandisa sei yakavhurika sosi software, yaizoongororawo mashandisirwo akafanana angashandiswa sei nekuzvidira nevaridzi vezvivakwa zvakakosha nevashandisi.

Izvi zvinozivisa nzira dzekudzikisa njodzi pane masisitimu anoshandisa open source software. mutemo inomanikidzawo CISA kuhaya nyanzvi dzine ruzivo mukugadzira yakavhurika sosi software kuve nechokwadi chekuti hurumende nenharaunda vanoshanda vakabatana uye vakagadzirira kugadzirisa zviitiko zvakaita sekusagadzikana kweLog4j. Pamusoro pezvo, mutemo uyu unoda kuti Hofisi yeManejimendi neBudget (OMB) ipe nhungamiro kumasangano emubatanidzwa nezvekushandiswa kwakachengeteka kwesoftware yakavhurika uye kugadza komiti diki pamusoro pekuchengetedzwa kwesoftware muCybersecurity Advisory Committee yeCISA.

Mitemo Inotevera Kunzwa inotungamirwa naPeter naPortman nezve chiitiko cheLog4j pakutanga kwegore rino, uye zvaizoda Cybersecurity uye Infrastructure Security Agency (CISA) kuona kuti hurumende yemubatanidzwa, zvakakosha zvivakwa uye vamwe vanoshandisa yemahara software zvakachengeteka.

Uye ndezvekuti kusagadzikana kweLog4j kwakanganisa mamirioni yemakomputa pasi rese, kusanganisira zvakakosha masisitimu uye federal masisitimu. Izvi zvaita kuti nyanzvi dzepamusoro-soro dzecybersecurity dzitaure nezve imwe yehuipi hwakanyanya uye hwakapararira hwecybersecurity hwakamboonekwa.

Chikwata cheGoogle chakavhurika sosi chakati chakaongorora Maven Central, hombe Java package repository, ndokuona kuti 35,863 Java mapakeji anoshandisa shanduro dzisina njodzi dzeraibhurari yeApache Log4j. Izvi zvinosanganisira Java mapakeji anoshandisa shanduro dzeLog4j panjodzi kune yekutanga Log4Shell exploit (CVE-2021-44228) uye yechipiri kure kure kodhi kodhi bug yakawanikwa muLog4Shell chigamba (CVE-2021-45046). Kusagadzikana kwave kuchiratidzwa neTenable se "kunyanya kusagadzikana kwakanyanya mumakore gumi apfuura."

"Mahara software ndiyo hwaro hwenyika yedhijitari uye kusagadzikana kweLog4j kwakaratidza kuti tinotsamira pazviri zvakadii. Chiitiko ichi chakatyisidzira zvakanyanya kuhurongwa hwemubatanidzwa nemabhizinesi akakosha ezvivakwa, anosanganisira mabhanga, zvipatara uye zvekushandisa, izvo vanhu vekuAmerica vanovimba nazvo zuva rega rega kuita mabasa akakosha, "akadaro Senator Peters. "Uyu mutemo we-bipartisan, wakajairwa unobatsira kuchengetedza software yemahara uye kusimbisa dziviriro yedu yecybersecurity kubva kuma cybercriminals uye mhandu dzekunze dziri kutanga kurwisa network munyika yose. »

"Sekuona kwatakaita nekusagadzikana kwelog4shell, makomputa, nharembozha nemawebhusaiti atinoshandisa tese mazuva ese ane yakavhurika sosi software iri panjodzi yekurwiswa necyber," akadaro Senator Portman. "Bipartisan Open Source Software Security Act ichaona kuti hurumende yeUS inotarisira uye inodzikamisa kusadzivirirwa mune yakavhurika sosi software kuchengetedza data revanhu vekuAmerica. »

Maseneta anotaura izvozvo ine huremu hukuru, iyo iyo yakawanda kwazvo yemakomputa munyika neimwe nzira kana imwe ive yakavhurika sosi software, kuwedzera kune kuti zvinorehwa izvozvo hurumende yemubatanidzwa, inova imwe yevanoshandisa zvakanyanya pasi rose zvemahara software, inofanirwa kukwanisa kugadzirisa njodzi dzayo uye kubatsira mukuchengetedzeka kwemahara software mubazi rakazvimirira uye neruzhinji rweruzhinji.

Pamusoro pezvo, mutemo unoda kuti Hofisi yeManejimendi neBudget ibudise nhungamiro kumasangano emubatanidzwa pamusoro pemashandisirwo akachengeteka esoftware yemahara uye kugadzira Software Security Subcommittee mukati meCISA's Cybersecurity Advisory Committee.

Peters naPortman vakatungamira nhamburiko dzinoverengeka dzekusimbisa kuchengetedzwa kwecyber yenyika yedu. Iyo yenhoroondo bipartisan gadziriro inoda kuti varidzi nevashandisi vezvivakwa zvakakosha kuti vataure kuCISA kana vakasangana neakakosha cyberattack kana kubhadhara ransomware yakasainwa kuita mutemo.

Mitemo nemaseneta ekusimbisa cyber chengetedzo yehurumende nehurumende dzematunhu yakasainwawo kuita mutemo. Chinocherechedzwazve ndechekuti mabhiri ePeters naPortman ekuchengetedza mubatanidzwa uye kuona kuti hurumende inokwanisa kutora zvakachengeteka tekinoroji yemakore zvakare yakapfuura nemuseneti muSeneti.

Finalmente Kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kubvunza ruzivo mune inotevera chinongedzo.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako