I've been looking for any credible discussion of this Executive Order on a venue of recognized legal expertise, but I have not found any.
Specifically, I went to the LAWFARE blog, which I like, but I really didn't see anything on this Executive Order.
I did find this, but it's on a separate track. Maybe a parallel track. Yeah, I think it's on a parallel track. It's long, dry and detailed, and makes my eyes glaze over. I can hardly say that I've read any of it.
"The Biden Administration's Impending Executive Order on Software Security"
Last year's revelation of the infiltration of federal agency digital supply chains—via the information technology (IT) contractor SolarWinds—revealed gaping holes in America's cyber defenses. The White House recently attributed this intrusion to the Russian foreign intelligence service, further highlighting the sophisticated nature of malicious cyber actors targeting the United States. Following closely on this news was the announcement by Microsoft that probable Chinese government hackers had exploited previously unknown attack vectors in one of its products. The Biden administration has begun responding to these and other high-profile exploitations of vulnerabilities in commercially available software—including some used by the United States Government—through a variety of means.
Although any retaliatory actions that the United States takes against the perpetrators of these digital espionage campaigns are worthy of their own analysis, preventing future such infiltrations in the first place is of vital concern. Toward this end, the White House has signaled its intent to release an executive order on software security. While the exact text of the order is not yet public, both media reporting and public statements by administration officials have highlighted what will likely be the key components.
In this post I describe what the order might look like—based on information that is currently publicly available—and also comment on the merits of its various aspects. From my analysis of the publicly available information, it appears likely the order will drive action in three specific domains: improvements to internal federal department and agency operations, mandatory secure development standards for contractors selling software to the government, and requirements for these organizations to report data breaches proactively and cooperate with investigations into them. . . .
Walter Haydock for LAWFARE; April 23, 2021. https://www.lawfareblog.com...er-software-security
It goes on from there.
[This message has been edited by rinselberg (edited 04-28-2021).]